Wireshark mailing list archives

Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there?

From: Ariel Burbaickij <ariel.burbaickij () gmail com>
Date: Mon, 4 Mar 2013 23:53:42 +0100

Hello Anders,
yes, I am able to open fhese files using "Open" but this is not enough for
my purposes. I would like  to be able to put packets with some pre-defined
(and troublesome, of course) payload  back on the wire and test how some
piece of equipment reacts to it.

/wbr
Ariel Burbaickij




You should be able to use "file open" on a .rf5 file no need to do file
import which is used differently as explained earlier.
Regards
Anders



On Mon, Mar 4, 2013 at 8:40 PM, Guy Harris <guy () alum mit edu> wrote:


On Mar 4, 2013, at 10:46 AM, Ariel Burbaickij <ariel.burbaickij () gmail com>
wrote:

Thank you for fast response, Guy.

not all link-layer header types that Wireshark can handle have

corresponding pcap/pcap-ng link-layer header types - in particular, neither
Tektronix rf5 nor HP nettl X.25 do


So, is it something like work in progress and pcap/pcap-ng headers are

going to be added or is it frozen for now?

 Neither.

The list of link-layer header types is not frozen, but there is not, and
probably never will be, an official tcpdump.org project or Wireshark to
add particular link-layer header types; new types are added when somebody
sends a request for a type to tcpdump-workers () lists tcpdump org and the
request is accepted.

The current list, and instructions on how to add values, are at

        http://www.tcpdump.org/linktypes.html

So why isn't that good enough?


Because we would like to replay (using tcpreplay) files in pcap format,

among other things.

 Adding a new link-layer header type won't be sufficient; you'll also
have to write a DLT plugin for the new type:

        http://tcpreplay.synfin.net/wiki/tcpeditDeveloper

What's the underlying link-layer type for the packets in your rf5 file?

What might be called for here is an *export* option to strip off metadata
that's neither needed nor wanted by particular programs, converting
encapsulations with no corresponding pcap/pcap-ng link-layer header type to
one of those link-layer header types.

"Open packet hex dump text file",


Let us try to work backwards here -- what is it actually supposed to do?


 Let the user read a text file containing raw packet data in hex-dump
form without requiring them to go to the command line and run text2pcap.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org
?subject=unsubscribe




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org> <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe <wireshark-users-request () 
wireshark org?subject=unsubscribe>



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Ariel Burbaickij (Mar 04)
- Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Guy Harris (Mar 04)
  - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Ariel Burbaickij (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Guy Harris (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Ariel Burbaickij (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Anders Broman (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Ariel Burbaickij (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Guy Harris (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Ariel Burbaickij (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Guy Harris (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Ariel Burbaickij (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Guy Harris (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Ariel Burbaickij (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Guy Harris (Mar 04)
    - Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there? Ariel Burbaickij (Mar 04)