The file you're trying to read is a hex dump file? Ethereal can
natively read only a few types of hex-dump files. For the most part,
it would be easier to convert the hex dump to a pcap file using
"text2pcap", supplied in the Ethereal distribution.
And if text2pcap can't handle your hex dump format, you can create a
program to convert your hex dump format to a hex dump format that
text2pcap *can* handle. I did this recently; I added a
netscreen2dump.py program in the tools directory of Ethereal.
Please explain in more detail what your file format is.
--gilbert
On 4 Nov 2004 14:04:04 -0000, harsha ss <harsha.ss@xxxxxxxxxxxxxx> wrote:
>
> Thanks for the reply,
> I strucked in giving the encapsulation filetype for ethereal,
> As you say I am trying to read a file of the following format.
> Ethereal is displaying the unknown hex dump in the third window,the UNKNOWN_ENCAP_PCAP in the column info field some -ve value of the time etc.
> First I want to know what are those values and how to display the values from our file which has been read properly.
>
> The file format which i am trying to read is as follows
>
> 36| 0:00:02|1692496|expr_1 >expr_2 |packet_info_1
> |^M
> 10 00 71 00 00 00 42 71 B8 07 09 18 10 93 00 05^M/* some hexdump unlimit
> ed */
> 37| 0:00:02|1692496|expr1 >expr2 |ipacket_info_2
> |^M
> 0C 00 00 00 03 00 10 00 00 FF FF FF^M
> 38| 0:00:02|1692503|expr_1 >expr2 |packet-ifo_3
> |^M /* follows some hex dump */
>
> named as .DEC file.
> Any one please please suggest me how to go with this problem
> and tell me the ENCAP value suitable to the following format.
> regards
> Harsha
>
> On Thu, 04 Nov 2004 Gilbert Ramirez wrote :
>
>
> >Your wiretap code needs to pass an encapsulation type to ethereal.
> >Look at the WTAP_ENCAP_* values in wtap.h. Choosing the appropriate
> >value depends on what is in your file format. Can you give us some
> >background on the file format, what produces it, and what is in it?
> >
> >--gilbert
> >
> >
> >On 3 Nov 2004 14:25:51 -0000, harsha ss <harsha.ss@xxxxxxxxxxxxxx> wrote:
> > > Hello,
> > > I am trying to make the ethereal to read the new format file of different type say some text.In wiretap directory i added the routines as per the guidelines of the wiretap directory.Ethereal is reading and printing the file but it is asking for the appropriate link type either ETHERNEt etc.Which link type I have to give so that ethereal reads the packets from txt file.Its reading some unknown hexdup etc.
> > > Which file hexdump it is reading.What can i do to make ethereal to read the txt file and print the info on the ethereal window.
> > > Please anyone guide me in this regard,
> > > Harsha
> > >
> > >
> > > _______________________________________________
> > > Ethereal-dev mailing list
> > > Ethereal-dev@xxxxxxxxxxxx
> > > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> > >
> > >
> > >
>
>