Wireshark-users: Re: [Wireshark-users] Wireshark and .rf5 files from Tektronix

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Fri, 18 Jul 2008 09:11:19 -0400

(From what I recall) that path name is actually in the .rf5 file. You need to create a "match" in the K12 preferences that matches that name to a protocol/dissector. So:

match=evolium (for example)
proto=<whatever>

Adriana Matei wrote:
Yes, I did that, but I still get a warning like:

Stack file used: c:/program files/tektronix/k15/stacks/wimax_r1/wimax_r1_r1_802.16e_wimax_rel_evolium_2_31.stk
          Warning: stk file not matched in the 'K12 Protocols' table

Where exactly is Wireshark looking when it says "Stack file used:", because I don't have a "c:/program files/tektronix/k15/stacks/wimax_r1/wimax_r1_r1_802.16e_wimax_rel_evolium_2_31.stk"? That is not the path to the stack file that I want to use. Can I somehow redirect the path that it is using for the stack file in order to use a specific stack file that I have in a different place from where Wireshark is installed?

Luis EG Ontanon wrote:
The K12 configuration file applies to versions up to 0.99.5; 1.0 is
far newer, and it instead uses a table.

The k12 "dissector" now uses a simple table that contains two parts:
match and proto:

- "match" should contain a string that is a univocally identifiable
part of either the port name or a stack filename (.stk).

- "proto" contains the lowest layer protocol to be used (i.e. the
encapsulation mtp2, eth, sscf-nni, ...).


Once you populate your table with the various entries, Wireshark will
look for "match" in either the port name or the stack filename for
that port, and if there is a match for a given packet it will attempt
to decode its contents using "proto".


On Fri, Jul 18, 2008 at 1:19 PM, Adriana Matei
<adriana.matei@xxxxxxxxxxxxxx> wrote:
 Hello all,

 How should I configure my Wireshark (version 1.0.1) in order to read
this type of file? I read about *Tektronix K12xx/K15 .rf5 files* on
http://wiki.wireshark.org/K12 but I got lost at this part:

"The configuration file contains a list of
stk-file/encapsulation-protocol pairings separated by a space.

To set wireshark to use a k12 config file go to
Preferences->Protocols->k12 and write the filename in the "Configuration
filename" preference. You can specify a k12 config file using  -o
'k12.config: /path/to/k12_config  on the command line.

Example configuration file

# comments are lines that start with a '#'
# sorry no spaces in filenames are allowed yet
C:\K1297\stacks\umts_iu\umts_iu_ranap_alcap_2002-03.stk sscf-nni
C:\K1297\stacks\umts_iu\umts_iu_ranap_alcap_2002-09.stk sscop
D:\K15\stacks\gprs\gprs_Gb_R99.stk fr
D:\K15\stacks\umts_iu\umts_iu_ranap_alcap_2002-09.stk sscop
D:\K15\stacks\umts_iu\umts_iu_ranap_alcap.stk sscop
C:\K1205\stacks\whibisup.stk mtp
C:\K1297\stacks\gsm2p\gsm2p_gmsc.stk mtp2
C:\K1297\stacks\umts_iu\umts_iu_ranap_alcap.stk sscop " ...

 Because in Preferences->Protocols->k12 I don't have an option called "Configuration filename", and I don't know where to make the configuration from the example above.
 Also, I tried to open Wireshark from cmd (I work on Windows) with the -o 'k12.config: /path/to/k12_config option, but I get an invalid -o flag k12.config
 I mention that in Preferences->Protocols-> I have k12xx and not k12.
Can anyone help me?

Thanks in advance


_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users