Ethereal-users: Re: [Ethereal-users] How do I import packets to analyze in Ethereal?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 22 Jun 2001 14:14:14 -0700 (PDT)

> Please pardon the word wrap (dang e-mail).  The packet starts with 45

...which means it's probably starting with an IPv4 header.

In the current CVS tree, there's a "text2pcap" utility that reads files
in formats *somewhat* like that, and produces libpcap-style capture
files from them.

However, text2pcap requires lines of text to begin with an offset, so
you may have to write a script to process the firewall text into a
format acceptable to "text2pcap".  (Note that Perl and Python are both
available for Windows, and that text2pcap does compile on Windows.  Note
also that "compile" is a requirement right now - you'd have to wait for
the next Ethereal release if you don't have MS Visual C++ 5.0 or 6.0.)

As the packets have no link-layer headers, you'd want it to be a DLT_RAW
capture; I'd use a "-l 101" flag to text2pcap to use the "standard"
DLT_RAW value (rather than the various platform-dependent values).
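
The preprocessing script the message suggests could look like the following. This is an added example, not part of the original message or of Ethereal. It assumes the firewall text is whitespace-separated hex bytes with a blank line between packets; the sample data and the function names are constructed for illustration.

```python
import re

# Constructed sample: two raw IPv4 packets as bare hex bytes, no offsets,
# word-wrapped mid-packet; a blank line separates packets (assumed layout).
SAMPLE = """\
45 00 00 1c 00 01 00 00 40 01 f6 dc c0 00
02 01 c0 00 02 02 08 00 f7 ff 00 00 00 00

45 00 00 1c 00 02 00 00 40 01 f6 db c0 00 02 02
c0 00 02 01 00 00 ff ff 00 00 00 00
"""

HEX_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")

def parse_packets(text):
    """Split on blank lines and return each packet as a bytes object."""
    packets = []
    for block in re.split(r"\n\s*\n", text.strip()):
        tokens = block.split()  # joins word-wrapped lines of one packet
        bad = [t for t in tokens if not HEX_BYTE.match(t)]
        if bad:
            raise ValueError(f"not a hex byte: {bad[0]!r}")
        packets.append(bytes(int(t, 16) for t in tokens))
    return packets

def check_ipv4(pkt):
    """Sanity checks before the data is labelled as raw IP (no link layer)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("packet does not start with an IPv4 header")
    total_len = int.from_bytes(pkt[2:4], "big")
    if total_len != len(pkt):
        raise ValueError(f"IP total length {total_len} != {len(pkt)} bytes of text")

def to_text2pcap(packets, width=16):
    """Emit offset-prefixed lines; offset 000000 starts a new packet."""
    lines = []
    for pkt in packets:
        check_ipv4(pkt)
        for off in range(0, len(pkt), width):
            chunk = pkt[off:off + width]
            lines.append(f"{off:06x} " + " ".join(f"{b:02x}" for b in chunk))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(to_text2pcap(parse_packets(SAMPLE)), end="")
```

Save the output to a file and pass it to text2pcap with the "-l 101" flag mentioned above, for example `text2pcap -l 101 packets.txt packets.pcap` (file names are placeholders). The length check catches packets that were truncated or merged when the text was pasted.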