Wireshark-users: Re: [Wireshark-users] Opening Acterna WAN capture files in wireshark

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 30 Jan 2007 12:30:07 -0800
Persio Pucci wrote:

is there a way to open in Wireshark files captured by an Acterna packet analyzer in a Frame Relay interface?

The list of file formats supported by Wireshark can be found at

	http://wiki.wireshark.org/FileFormatReference

It doesn't explicitly list Acterna's format; unless it uses one of the formats listed there, Wireshark can't read it.

In order to enhance Wireshark to read a file format that it currently doesn't read, somebody would need to write additional code to read that file format. This would require the author of that code to know what the file format is.

If Acterna has documented the format, and you have that documentation, we could use that to write the code to read those files. We would need some capture files to test it.

If they have *not* documented the format, we would have to "reverse-engineer" the format. As Luis Ontanon indicated, that would require that we have capture files - we'd probably want more than one file, so that we can look for patterns in the file format - as well as decoded versions of those files giving time stamps, packet content, etc. for the packets in those files.