On Thu, Mar 14, 2002 at 06:32:51PM -0000, bejay wrote:
> Is there a conversion tool that will allow other sniffer types to be loaded
> into Ethereal format.
"Ethereal format" is libpcap format; any tool that can convert to
libpcap format would work *IF* it can convert that particular type of
file.
The tools I know of are:
ProConvert, from Wildpackets, which is a commercial product for
Windows:
http://www.wildpackets.com/products/proconvert
editcap, which is part of Ethereal.
> For example if I have a .cap (Network Monitor) file....is there a way to
> convert this so Ethereal can accept the file.....
Well, you could use editcap or ProConvert.
However, editcap reads packets by using the *exact same library* that
Ethereal does (the Wiretap library that's part of the Ethereal source),
so any file that editcap can convert can be read directly by Ethereal!
I.e., if you have a Network Monitor capture file, and it has a
link-layer type that Wiretap can handle, Ethereal can accept the file
*as is* - there's no need to convert it. It'd be a waste of time to
convert an Ethernet, Token Ring, or FDDI Network Monitor capture file,
for example.
In fact, there are files that Ethereal can read that editcap *can't*
convert to libpcap format, because libpcap format doesn't support all
the link-layer types that Wiretap supports, so, for some captures, you
might *have* to have Ethereal read it directly - you might not be *able*
to convert it to libpcap format.
> Just wondering because I see Ethereal understands X.25 and If I have a X.25
> file but not with an Ethertype
> header just the LCN's etc how do I add the relevant information for Ethereal
> to also identify it as X.25
Well, there isn't any support in libpcap format for X.25 (other than
AX.25, but I don't how that differs from regular X.25, and neither
Ethereal nor tcpdump/libpcap read those files in any case), so you can't
convert that file.
Ethereal doesn't require packets in capture files to have a header with
an Ethernet type field. There *are* capture file formats that Ethereal
can read that include X.25 packets. However, you have not said what
type of capture file your X.25 file is - i.e., you haven't said from
what capture program/device it came - so I can't say whether Ethereal
can read it.
If Ethereal can't currently read it, then if you supply us with
1) a copy of the capture file
and
2) a detailed description of the format of the capture file, or
a detailed dissection of the packets in the capture file
(showing time stamps, packet lengths, and packet data) so
that we can try to reverse-engineer the capture file format
we might be able to add support to Ethereal for reading that capture
file.