Wireshark-users: Re: [Wireshark-users] Wireshark and .rf5 files from Tektronix

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Fri, 18 Jul 2008 13:54:31 +0200
The K12 configuration file applies to versions up to 0.99.5, 1.0 its
far newer it instead uses a table.

The k12 "dissector" now uses a simple table that contains two parts:
match and proto:

- "match" should contain a string that is an univocously identifiable
part of either the port name or a stack filename (.stk).

- "proto" contains the lowest layer protocol to be used (i.e. the
encapsulation mtp2, eth, sscf-nni, ...).


Once you populate your table with the various entries Wireshark will
look for "match" in either the port name or the stack filename for
that port and if there is a match for a given packet it will attempt
to decode its contents using "proto".


On Fri, Jul 18, 2008 at 1:19 PM, Adriana Matei
<adriana.matei@xxxxxxxxxxxxxx> wrote:
>  Hello all,
>
>  How should I configure my Wireshark( version 1.0.1) in order to read
> this type of files? I read about *Tektronix K12xx/K15 .rf5 files* on
> http://wiki.wireshark.org/K12 but I got lost at this part:
>
> "The configuration file contains a list of
> stk-file/encapsulation-protocol pairings separated by a space.
>
> To set wireshark to use a k12 config file go to
> Preferences->Protocols->k12 and write the filename in the "Configuration
> filename" preference. You can specify a k12 config file using  -o
> 'k12.config: /path/to/k12_config  on the command line.
>
> Example configuration file
>
> # comments are lines that start with a '#'
> # sorry no spaces in filenames are allowed yet
> C:\K1297\stacks\umts_iu\umts_iu_ranap_alcap_2002-03.stk sscf-nni
> C:\K1297\stacks\umts_iu\umts_iu_ranap_alcap_2002-09.stk sscop
> D:\K15\stacks\gprs\gprs_Gb_R99.stk fr
> D:\K15\stacks\umts_iu\umts_iu_ranap_alcap_2002-09.stk sscop
> D:\K15\stacks\umts_iu\umts_iu_ranap_alcap.stk sscop
> C:\K1205\stacks\whibisup.stk mtp
> C:\K1297\stacks\gsm2p\gsm2p_gmsc.stk mtp2
> C:\K1297\stacks\umts_iu\umts_iu_ranap_alcap.stk sscop " ...
>
>  Because in Preferences->Protocols->k12 i don't have a option called "Configuration filename" and I don't know where to make the configuration from the example from above.
>  Also I tried to open wireshark from cmd (I work on Windows) with the -o 'k12.config: /path/to/k12_config option but I get a invalid -o flag k12.config
>  I mention that in Preferences->Protocols-> I have k12xx and not k12.
> Can anyone help me?
>
> Thanks in advance
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan