Wireshark-users: Re: [Wireshark-users] Nettl HP-UX

From: Andrej van der Zee <andrejvanderzee@xxxxxxxxx>
Date: Wed, 15 Jun 2011 01:08:47 +0200
Hi,

Thanks for your reply.

>        nettl files don't have a single network type - a single nettl file can have packets with multiple different network types - which means that, in order to write it out as a pcap file, we'd have to try to create the file with the network type of the first packet (assuming there *is* a pcap LINKTYPE_ value for that network type, because not all link-layer types in nettl have LINKTYPE_ values), and keep writing until we either get to the end of the file, at which point we're done, or find a packet of a different network type, at which point we have to stop with an error.

The fact that Wireshark can still work with nettl files does give me
hope that the libpcap library is able to *read* nettl captures,
regardless if it contains multiple network types. Is there any special
processing done by Wireshark, or is it all hidden in the libpcap
library?

Thank you,
Andrej