Wireshark-users: [Wireshark-users] different protocol frames file

From: "Faten SOLTANI" <faten.soltani@xxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Apr 2009 11:49:05 +0200 (CEST)
Hi all

I have a text file which contains frames of different protocols (ISUP/MTP3,
SIP/IP...).
I want to know which text2pcap option I have to use to convert this file
to pcap format and to be able to decode it afterwards.
Thank you for any help.



> Today's Topics:
>
>    1. uncompression error etc (Condor Kim)
>    2. Re: 2 IP addresses on 1 machine (Juan Perez)
>    3. Re: 2 IP addresses on 1 machine (Abhik Sarkar)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 18 Apr 2009 17:55:42 -0700 (PDT)
> From: Condor Kim <toothache200873@xxxxxxxxx>
> Subject: [Wireshark-users] uncompression error etc
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <659477.28396.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
>
> hi everyone, can you guys help me out with this error message?
>
> today when i tried to start wireshark on my eeepc 900a linux, i got the
> error:
>
> "the file /tmp/xxxx8l1hsu could not be opened: uncompression error: buffer
> error"
>
> what does it mean? i use wireshark 0.99.4.
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Sun, 19 Apr 2009 08:22:04 -0700 (PDT)
> From: Juan Perez <jperezsip2008@xxxxxxxxx>
> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
> To: Community support list for Wireshark
> 	<wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <390343.81336.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
>
>
> anybody has experienced this prob? any ideas on how to solve it?
> any help would be very much appreciated, thanks
>
> jp
>
>
>
> ----- Original Message ----
> From: Juan Perez <jperezsip2008@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Friday, April 17, 2009 4:27:43 PM
> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
>
>
> ok, what happens is that I am using pub IPs and can not show them here. I
> had to edit the output of the "ifcfg-ethX" files and of course I messed up
> 2 times, :-(.
> this should be the right information, sorry again.
>
>
> eth1 --> 192.168.1.10 255.255.255.0
> eth2 --> 192.168.1.11 255.255.255.0
>
>
> [root@proxy2 network-scripts]# cat ifcfg-eth1
> # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
> DEVICE=eth1
> BOOTPROTO=none
> BROADCAST=192.168.1.255
> HWADDR=00:19:b9:f2:f3:f4
> IPADDR=192.168.1.10
> NETMASK=255.255.255.0
> NETWORK=192.168.1.0
> ONBOOT=yes
> GATEWAY=192.168.1.1
> TYPE=Ethernet
> [root@proxy2 network-scripts]#
>
> [root@proxy2 network-scripts]# cat ifcfg-eth2
> # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
> DEVICE=eth2
> ONBOOT=yes
> BOOTPROTO=none
> HWADDR=00:04:23:e6:8b:17
> NETMASK=255.255.255.0
> IPADDR=192.168.1.11
> GATEWAY=192.168.1.1
> TYPE=Ethernet
> NETWORK=192.168.1.0
> BROADCAST=192.168.1.255
> [root@proxy2 network-scripts]#
>
>
>
>
>
> ----- Original Message ----
> From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Friday, April 17, 2009 1:52:41 PM
> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
>
> Hi,
>
> Your config says differently:
>
> <quote>
>   [root@proxy2 network-scripts]# cat ifcfg-eth0
>   # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
>   DEVICE=eth0
>   BOOTPROTO=none
>   BROADCAST=192.168.1.255
>   HWADDR=00:19:b9:f2:f3:f4
>   IPADDR=192.168.1.10
>   NETMASK=255.255.255.0
>   NETWORK=192.168.1.0
>   ONBOOT=yes
>   GATEWAY=192.168.1.1
>   TYPE=Ethernet
> </quote>
>
> Thanx,
> Jaap
>
> Juan Perez wrote:
>> sorry, it was a mistake, it is eth1 and eth2, the question still remains
>> ;-)
>>
>> eth1 -> IP=192.168.1.10/24
>> eth2 -> IP=192.168.1.11/24
>>
>>
>> cheers
>>
>> jp
>>
>>
>> ----- Original Message ----
>> From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
>> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
>> Sent: Friday, April 17, 2009 1:22:43 PM
>> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
>>
>> Hi,
>>
>> Reading from the configuration data, in short:
>>
>> eth0 -> IP=192.168.1.10/24
>> eth1 -> IP=192.168.1.11/24
>>
>> So, there is no eth2 in this list. The command line "tshark -i eth1" to
>> capture traffic to 192.168.1.11 is perfectly OK.
>>
>> Thanx,
>> Jaap
>>
>> Juan Perez wrote:
>>> Hello
>>>
>>> I have a linux machine with two physical NICs and each NIC has its own
>>> IP address belonging to the same network.
>>> Example:
>>> eth0 --> 192.168.1.10 255.255.255.0
>>> eth1 --> 192.168.1.11 255.255.255.0
>>>
>>>
>>> [root@proxy2 network-scripts]# cat ifcfg-eth0
>>> # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
>>> DEVICE=eth0
>>> BOOTPROTO=none
>>> BROADCAST=192.168.1.255
>>> HWADDR=00:19:b9:f2:f3:f4
>>> IPADDR=192.168.1.10
>>> NETMASK=255.255.255.0
>>> NETWORK=192.168.1.0
>>> ONBOOT=yes
>>> GATEWAY=192.168.1.1
>>> TYPE=Ethernet
>>> [root@proxy2 network-scripts]#
>>>
>>> [root@proxy2 network-scripts]# cat ifcfg-eth1
>>> # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
>>> DEVICE=eth1
>>> ONBOOT=yes
>>> BOOTPROTO=none
>>> HWADDR=00:04:23:e6:8b:17
>>> NETMASK=255.255.255.0
>>> IPADDR=192.168.1.11
>>> GATEWAY=192.168.1.1
>>> TYPE=Ethernet
>>> NETWORK=192.168.1.0
>>> BROADCAST=192.168.1.255
>>> [root@proxy2 network-scripts]#
>>>
>>> I have 2 apps, each one listen on 1 IP:
>>>
>>> app 1 listens only on 192.168.1.10
>>> app 2 listens only on 192.168.1.11.
>>>
>>> When I run tshark this way "tshark -i eth2 -S" and packets destined to
>>> IP 2 arrive I do not see them, I have to run tshark like this: "tshark
>>> -i eth1 -S".
>>> In summary, I have to run "tshark -i eth1" for me to see the packets
>>> that go to IP 2. When I do it that way I can see the packets from any
>>> ext IP to the IP 2 192.168.1.11.
>>>
>>> This should not be. Is there anything wrong with my NICs configuration?
>>>
>>> cheers
>>>
>>> jp
>>>
>>>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> ------------------------------
>
> Message: 3
> Date: Sun, 19 Apr 2009 21:03:37 +0400
> From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
> To: Community support list for Wireshark
> 	<wireshark-users@xxxxxxxxxxxxx>
> Message-ID:
> 	<c460e4040904191003o29aea208m6ab032e4c2bd4674@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> I don't know what others have to say, but your LAN configuration doesn't
> quite look alright (unless what I am about to say is also the result of
> your massaging the configuration files for display here). What you have is
> two Ethernet interfaces in the same subnet, both defined with gateways.
> This is likely to confuse the routing. I would suggest removing the GATEWAY
> line from any one of the interface configuration files and restarting the
> network service.
>
> ------------------------------
>
>
> End of Wireshark-users Digest, Vol 35, Issue 42
> ***********************************************
>