Re: Wireshark-users Digest, Vol 94, Issue 10

[Christopher Maynard <Christopher.Maynard () gtech com>]

Hadriel Kaplan <hadrielk@...> writes:

> For (1), not that I know of. And there is no libpcap encap type that
wouldn't have at least the IP layer anyway if you want to put UDP in it,
afaik. (there are some encaps which don't have the link layer header, but I
don't think text2pcap is that sophisticated)

The LINKTYPE_USER0-LINKTYPE-USER15 link types can be used for this purpose.
 See http://www.tcpdump.org/linktypes.html for details.

So basically there are 3 steps:

1) Pick a user DLT, say 149 and enter it into the Wireshark user decode:
Edit -> Preferences -> Protocols -> DLT_USER -> Encapsulations Table -> Edit
-> New -> DLT: (Pick 1, i.e., User 2 (DLT=149)) -> Payload protocol: udp ->
OK -> OK -> OK.

2) text2pcap -l 149 [other options] file.txt file.pcap

3) Open file.pcap in Wireshark.

Hope that helps,
- Chris


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe