Guy Harris wrote:
> adam pinto wrote:
>
>> Does anybody know of a program or a script that can handle or dissect
>> a raw IP capture file or convert it to an Ethereal-friendly format
>> (such as pcap)? The capture I have is a bin file that contains a dump
>> of IP headers (no 2nd layer) and payloads with no padding or any
>> other bytes in between (the next byte after the first packet is
>> already the first byte of the second packet etc.).
>
>
> I don't know of one. You might have to write one yourself. (I
> presume the length of each packet can be determined from the IP total
> length field, as per "no padding or any other bytes in between".) If
> you do, the link layer type value to use in the pcap file would be
> 101, for "raw IP".
>
> It might be doable in Perl, using Net::Pcap:
>
> http://search.cpan.org/~saper/Net-Pcap-0.11/Pcap.pm
>
> to write the file (using open_dead to get a fake pcap handle to pass
> to dump_open).

It may be easy to modify 'text2pcap' to include this feature; then you
can convert your stream like
"od -Ax -tx1 yourfile | text2pcap -e 0x800 -c - yourfile.pcap",
where -c is a new option with the meaning that the input is a
'continuous' stream of IP packets [as opposed to a file with each IP
packet dumped individually].
--
---------------------------------------------------------------- -o)
Matthijs Melchior Maarssen /\\
mmelchior@xxxxxxxxx Netherlands _\_v
---------------------------------------------------------------- ----
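
The conversion discussed in this thread, as an added example that is not part of the original messages: it splits a back-to-back IPv4 dump on the total length field and writes a pcap file with link-layer type 101. Assumptions: IPv4 only, the packet index stands in for the timestamps the dump lacks, and the function names and the 192.0.2.x sample packets are constructed for illustration.

```python
import struct

LINKTYPE_RAW = 101  # "raw IP" link-layer type, as given in the thread

def split_ipv4_stream(data):
    """Yield each IPv4 packet from a back-to-back byte stream.

    Framing relies only on the IPv4 total length field, so a corrupt
    header loses sync for good; stop with an error rather than guess.
    """
    off = 0
    while off < len(data):
        if len(data) - off < 20:
            raise ValueError(f"truncated IPv4 header at offset {off}")
        version, ihl = data[off] >> 4, (data[off] & 0x0F) * 4
        total_len = struct.unpack_from("!H", data, off + 2)[0]
        if version != 4 or ihl < 20 or total_len < ihl:
            raise ValueError(f"not a valid IPv4 header at offset {off}")
        if off + total_len > len(data):
            raise ValueError(f"packet at offset {off} runs past end of input")
        yield data[off:off + total_len]
        off += total_len

def raw_ip_to_pcap(data, snaplen=65535):
    """Return the bytes of a classic pcap file holding the packets in data."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_RAW)]
    for n, pkt in enumerate(split_ipv4_stream(data)):
        # The dump carries no timestamps; use the packet index as seconds (assumption).
        out.append(struct.pack("<IIII", n, 0, len(pkt), len(pkt)))
        out.append(pkt)
    return b"".join(out)

def sample_packet(payload):
    # Constructed sample: minimal 20-byte IPv4 header (protocol 17), checksum left 0.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + payload

if __name__ == "__main__":
    stream = sample_packet(b"first") + sample_packet(b"second packet")
    with open("yourfile.pcap", "wb") as f:
        f.write(raw_ip_to_pcap(stream))
```
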