Ethereal-dev: AW: AW: [Ethereal-dev] [Patches] Wiretap support for Catapult DCT 2000 .out file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Claudia Becker <c.becker@xxxxxxxx>
Date: Wed, 17 May 2006 15:11:10 +0200

Hello Martin,

Thanks for your response. It helps a little bit. I didn't capture my
packets in Catapult DCT2000 format. I was only searching for a file
format where I can put ISUP(MTP3), Q.931 and SIP.
That's the starting point for my next request. Could you support MTP3 without
MTP2? That would help me.

Thanks,
Claudia Becker

-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx
[mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Martin
Mathieson
Sent: Monday, 8 May 2006 12:48
To: Ethereal development
Subject: Re: AW: [Ethereal-dev] [Patches] Wiretap support for Catapult
DCT2000 .out files


Hi Claudia,

I'm not aware of any document I could point you to that describes in 
detail the DCT2000 .out format.   I'm not even sure what all of the 
fields do, and in the interests of forward-compatibility tried to make 
the parsing not rely upon finding fields I wasn't using.

You may know that the -a flag in the DCT2000 'dctprint' command or the 
corresponding menu item in 'logviewer' can show absolute time (the full 
time within that day) while decoding the .out file.   The time will 
always be stored in relative time in the .out file.

Ethereal can show the absolute timestamp of each packet.  And you can 
merge 2 or more .out files together using mergecap (-F dct2000 -T 
dct2000) or the File | Merge... function in ethereal.  While saving the 
.out file the wiretap module rewrites the timestamp of each packet 
calculated relative to the absolute start time of the capture (which 
will be taken from the file with the earliest start-time).

What won't work properly is if you try to set an earlier time using 
editcap, as it currently doesn't handle re-writing new times
and won't parse -ve relative times....

Hope this helps,
Martin


Claudia Becker wrote:

>Hi Martin,
>
>is it possible to get detailed information about the DCT2000 format?
>I'm especially interested in the time format. Is it possible to give each
>packet an absolute timestamp and not only a timestamp that is relative to
>the time in the second line of the file?
>
>Best regards
>Claudia Becker
>
>-----Original Message-----
>From: ethereal-dev-bounces@xxxxxxxxxxxx
>[mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Martin
>Mathieson
>Sent: Wednesday, 12 April 2006 19:14
>To: Ethereal development
>Subject: [Ethereal-dev] [Patches] Wiretap support for Catapult DCT2000
>.out files
>
>
>Hi,
>
>This attached patch and new files provide support for Catapult DCT2000 
>.out files to wiretap and ethereal.
>
>This wiretap support (catapult_dct2000.c+h) appends a short header to 
>each packet giving some context, and a corresponding ethereal dissector 
>(packet-catapult-dct2000.c) parses this before passing the real payload 
>onto an existing ethereal dissector (for ethernet, ip, lapd, ppp, 
>frame-relay,...).
>
>For now, there is only support for saving dct2000 files in their own 
>format, although I may add support for converting between dct2000 and 
>libpcap later.
>
>I've also attached a short capture file (test.out) used to test each of 
>the supported link-type protocols.  I know some of these messages show 
>as malformed (they are mostly taken from low-level protocol tests), but 
>they are enough to illustrate/verify the mapping between DCT2000 
>protocols and ethereal dissectors.
>
>I've tested this with quite a few test files (I work at Catapult), and 
>reading/writing/merging works well for me.  I've also done some testing 
>with mergecap and editcap (encap string is "dct2000") which seems to 
>work.  This is the first wiretap module I've added, so any 
>comments/suggestions are very welcome.
>
>Best regards,
>Martin
>
>P.S.  the diff file contains small, unrelated RTCP dissector changes, 
>could these please be applied too...?
>
>
>_______________________________________________
>Ethereal-dev mailing list
>Ethereal-dev@xxxxxxxxxxxx
>http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
>  
>
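
The timestamp handling Martin describes for merging (per-packet times stored relative to the file's start time, and rewritten against the earliest start time on save) can be sketched as follows. This is an added example, not code from the thread or from Ethereal's wiretap module; it does not parse the .out format, and the capture model (a start time plus a list of relative offsets), the sample data and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample captures: (absolute start time, [(relative seconds, label)]).
CAPTURE_A = (datetime(2006, 5, 8, 10, 0, 5), [(0.5, "a1"), (2.0, "a2")])
CAPTURE_B = (datetime(2006, 5, 8, 10, 0, 0), [(1.0, "b1"), (6.0, "b2")])

def merge_captures(captures):
    """Merge captures onto one time base: the earliest start time wins and
    every packet offset is recomputed relative to it."""
    if not captures:
        raise ValueError("no captures to merge")
    merged_start = min(start for start, _ in captures)
    merged = []
    for start, packets in captures:
        shift = (start - merged_start).total_seconds()
        for rel, label in packets:
            # round() only suppresses floating-point noise in the offsets
            merged.append((round(rel + shift, 4), label))
    merged.sort(key=lambda p: p[0])
    return merged_start, merged

def absolute_times(start, packets):
    """Recover the absolute timestamp of each packet from the relative offset."""
    return {label: start + timedelta(seconds=rel) for rel, label in packets}

def shift_packets(packets, delta_seconds):
    """Assumed model of the editcap case: packet times move but the stored
    start time does not, so moving earlier can yield negative offsets."""
    shifted = [(round(rel + delta_seconds, 4), label) for rel, label in packets]
    if any(rel < 0 for rel, _ in shifted):
        raise ValueError("negative relative time: the start time must be rewritten too")
    return shifted

if __name__ == "__main__":
    start, packets = merge_captures([CAPTURE_A, CAPTURE_B])
    print(start.isoformat(), packets)
    print(absolute_times(start, packets))
```

Absolute packet times are unchanged by the merge; only the reference point moves. That is what matters when correlating captures taken on different hosts.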
