Ethereal-dev: Re: Re: [Ethereal-dev] Trying to add new format file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Miklos Szurdi <szurdimiklos@xxxxxxxxx>
Date: Sat, 20 Nov 2004 06:51:21 -0800 (PST)
Hi, proper encapsulation... that's the question of your dump file....
You should know where it captures data from... (if it is a Frame Relay card or ethernet card...etc.), and what protocol it uses in the 1st level....
When you know this you should take a look at ethereal, in one of the menus it says which protocols it recognizes....from there I guess you can derive...the encapsulation type...
If not send a mail to dev-list.... someone will surely know...,
Problem... if ethereal does not the protocol you have....:( ...
 
Have you tried automake, autoconf??? (you need to run it only in the wiretap library) maybe aclocal .... as well... then run ./configure (still in the wiretap lib)
then make.... and hope for the best... for me it did work fine
 
hope helped
miki
 

harsha ss <harsha.ss@xxxxxxxxxxxxxx> wrote:


Thanks for your reply
I went through the steps suggested by you,
i have the following problems

1. How to choose the proper encapsulation type to the
  file we are using, any hints?
2. In wiretap directory new routines are written in a new_file
  and that new_file.c and new_file.h are added to the list just
  after the  radcom.h and radcom.c file.
3. I got much information to write the routines from radcom.c.
  The Makefile generated from Makefile.common will include
  the new_file.c and new_file.h, but the files added do not
  produce .lo and .o files; please tell me the reason.
4. I can see the difference even though they do not produce the .lo and .o files.

Please give the further suggestion to proceed.
  Thanks in advance
      harsha
On Wed, 17 Nov 2004 Miklos Szurdi wrote :
>I will try to summarize this thing for you
>a small how-to on this as it may be interesting for others too
>
>there is a readme on this in the wiretap library (README.developer)
>as it says it is very short and very dirty....but very useful!!!!!!
>you have to write two files:
>
>your_dumpfile.h
>
>this has to look exactly like radcom.h for example
>
>your_dumpfile.c
>
>this has to look very similar to radcom.c for example
>
>(these radcom files with little c coding knowledge are easy to interpret)
>
>
>you need to write in to three existing files (in wiretap):
>/****************************************/
>In file_access.c ,add your header file to this list:
>
>#include "wtap-int.h"
>...
>#include "network_instruments.h"
>#include "your_dumpfile.h" /*this is your header file*/
>
>and to this:
>
>static int (*const open_routines[])(wtap *, int *, char **) = {
>  /* Files that have magic bytes in fixed locations. These
>  * are easy to identify.
>  */
>  libpcap_open,
>  ...
>  airopeek9_open,
>  your_dumpfile_open, /* if your dump file uses some magic number; if not, then you still have to put it in the same array but somewhere else...it is evident from file_access.c */
>};
>
>  dump_open_table[WTAP_NUM_FILE_TYPES] = {
>  /* WTAP_FILE_UNKNOWN */
>  { NULL, NULL,
>    NULL, NULL },
>  ....
>  /* WTAP_FILE_YOUR_DUMPFILE */
>  { NULL, NULL,
>    NULL, NULL },
>
>}
>/********************************/
>wiretap.h
>what you should make with this file is in the readme
>....
>#define WTAP_FILE_EYESDN  39
>#define WTAP_FILE_YOUR_DUMPFILE    40
>/* last WTAP_FILE_ value + 1 */
>#define WTAP_NUM_FILE_TYPES  41 /* don't forget to add one to this... */
>....
>/*********************************/
>Makefile.common
>find where radcom.c and radcom.h are and add yours to the same place...very obvious
>on Linux you may have to run automake , autoconfig, and aclocal or something...I can't remember this part:(
>
>"tricks" (no tricks just timesaving small things) not in wiretap/README.developer
>
>in the your_dumpfile_open function:
>
>  wth->file_type = WTAP_FILE_YOUR_DUMPFILE; /* the value you added to the WTAP_FILE_ defines */
>  wth->file_encap = WTAP_ENCAP_SOMETHING; /* that should be something that is the basic protocol that your dump file has...not the dump file's own format...the possibilities are in the wtap.h file */
>  wth->subtype_read = your_dumpfile_read; /* your sequential read routine */
>  wth->subtype_seek_read = your_dumpfile_seek_read; /* your random-access read routine */
>  wth->phdr.pkt_encap = wth->file_encap; /* this should be set to this...don't know why */
>  wth->snapshot_length = 0;
>
>in function your_dumpfile_read(....long *data_offset...)
>
>this value has to be set for the seek_read function to find the packet...
>
>that is it for me....
>
>radcom.c was a very easy to follow example for me...so i hope it will be for you
>Gilbert Ramirez <gilbertr@xxxxxxxxx> wrote:
>Like I've said before, if the file you're reading is a hex-dump text
>file, then your easiest option is to try to convert it to a pcap file
>using text2pcap, a program that comes with ethereal. text2pcap has a
>lot of options, but if the hexdump format cannot be read by text2pcap,
>another option is to write a small program to convert your hexdump
>format to a format that *is* readable by text2pcap. I did this for a
>netscreen hexdump file... see tools/netscreen2dump.py in the ethereal
>SVN repository (I don't think it's in 0.10.7)
>
>--gilbert
>
>
>On 17 Nov 2004 13:52:31 -0000, harsha ss wrote:
> >
> >
> >
> > Hi all,
> > I am using the ethereal 0.10.7 version on linux machine.
> > I want the ethereal to read the file of different format with a mix of
> > the ascii and hex message. Ethereal gives unknown format to read such files.
> > Please anyone give suggestion to read such files and display the file
> > contents in the ethereal window.
> >
> > regards
> > Harsha
> >
> >
> > _______________________________________________
> > Ethereal-dev mailing list
> > Ethereal-dev@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> >
> >
> >
>
>
>



_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
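
The alternative raised in the thread, converting the dump to text2pcap input instead of writing a wiretap module, shown as an added example that is not code from any poster or from the Ethereal tree. The input layout (`[time] RX|TX n bytes` header, hex column, `|ascii|` column) and all function names are assumptions made for illustration; the parser rejects frames whose byte count disagrees with the header rather than emitting a truncated packet.

```python
import re

HEADER = re.compile(r"^\[(\d\d:\d\d:\d\d)\] (RX|TX) (\d+) bytes$")
HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")

# Constructed sample in a hypothetical "mixed ASCII and hex" layout.
SAMPLE = """\
[12:00:01] RX 18 bytes
  ff ff ff ff ff ff 00 11 22 33 44 55 08 06 00 01  |........"3DU....|
  08 00                                            |..|
[12:00:02] TX 4 bytes
  de ad be ef  |....|
"""

def parse_frames(text):
    """Return a list of bytes objects, one per frame; reject malformed input."""
    frames, declared = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = HEADER.match(line.strip())
        if m:
            frames.append(bytearray())
            declared.append(int(m.group(3)))
            continue
        if not line.strip():
            continue
        if not frames:
            raise ValueError(f"line {lineno}: data before first frame header")
        # Keep only the hex column; the |ascii| column may hold hex-looking text.
        for tok in line.split("|", 1)[0].split():
            if not HEX_BYTE.match(tok):
                raise ValueError(f"line {lineno}: bad hex byte {tok!r}")
            frames[-1].append(int(tok, 16))
    for i, (frame, want) in enumerate(zip(frames, declared)):
        if len(frame) != want:
            raise ValueError(f"frame {i}: header says {want} bytes, got {len(frame)}")
    return [bytes(f) for f in frames]

def to_text2pcap(frames, width=16):
    """Format frames as offset-prefixed hex lines; offset 000000 starts a packet."""
    out = []
    for frame in frames:
        for off in range(0, len(frame), width):
            chunk = frame[off:off + width]
            out.append(f"{off:06x} " + " ".join(f"{b:02x}" for b in chunk))
        out.append("")  # blank line between packets for readability
    return "\n".join(out)

if __name__ == "__main__":
    print(to_text2pcap(parse_frames(SAMPLE)))
```

The printed text can be saved to a file and passed to text2pcap as its input file to produce a pcap that Ethereal opens directly.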

