Jeff Morriss wrote:
>
> SOLTANI FATEN wrote:
>> Hi all,
>> I have a text file which contains a MTP3 frames MTP3. To convert this
>> file into a pcap file and to decode it thereafter by Wireshark, I used:
>> "text2pcap -l 141 inputFile.txt outputFile.pcap".
>> But now I wish to decode a file which contains both of IP and MTP3
>> frames. How can I do that.
>> Thanks for any Idea
>
> You can't do that with PCAP files.
>
Using Lua it is possible to circumvent the single DLT restriction of PCAP files
to a certain degree by prefixing each message with e.g. a single byte message
type and call the appropriate dissector based on the message type like this:
do
rlsmon_proto = Proto("rlsmon","rlsmon","rlsmon Protocol")
function rlsmon_proto.init()
local function rrcdissector(name)
local disname = string.gsub(string.lower(name), "[ -]", ".")
return { protocol = name, dissector = Dissector.get(disname) }
end
rlsmon = {
[0] = rrcdissector("RRC DL-DCCH"),
[1] = rrcdissector("RRC UL-DCCH"),
[2] = rrcdissector("RRC DL-CCCH"),
[3] = rrcdissector("RRC UL-CCCH"),
}
end
function rlsmon_proto.dissector(buffer,pinfo,tree)
local msgtype = buffer(0,1):uint()
local payload = buffer(1):tvb()
pinfo.cols.protocol = rlsmon[msgtype].protocol
rlsmon[msgtype].dissector:call(payload,pinfo,tree)
end
local wtap_encap_table = DissectorTable.get("wtap_encap")
wtap_encap_table:add(wtap.USER1, rlsmon_proto)
end
Maybe a similar scheme can also be applied to solve the problem above.
Regards,
Reinhard