Wireshark-users: Re: [Wireshark-users] (Correction) Re: RS232 PPP sniffing

From: Paul Archer <ptarcher@xxxxxxxxx>
Date: Thu, 31 Dec 2009 10:49:55 +1100
On Wed, Dec 30, 2009 at 5:56 PM, Stephen Fisher
<steve@xxxxxxxxxxxxxxxxxx> wrote:
>
> Oops.  I meant to say text2pcap in the last e-mail.  It also comes
> with Wireshark: http://www.wireshark.org/docs/man-pages/text2pcap.html

So I gave text2pcap a go, but it didn't work out so well

od -Ax -tx1 -v 20091230-com3.txt | text2pcap -l 50 - com3_PPP_SERIAL.pcap

I tried numbers:
DLT_PPP     9
DLT_PPP_BSDOS   14
DLT_PPP_BSDOS   16
DLT_PPP_SERIAL  50

for the l arguments, but all were decoded into one packet, and missed
framing of packets.

The basis I am using that I might need to write something myself is
from a 2008 post on the mailing list
http://www.wireshark.org/lists/wireshark-users/200805/msg00029.html

I am just wondering if something has been released since then.


>
>
> Steve
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>



-- 
----
Regards
Paul Archer
ptarcher@xxxxxxxxx