The fact that Wireshark can still work with nettl files does give me hope that the libpcap library is able to *read* nettl captures, regardless of whether they contain multiple network types. Is there any special processing done by Wireshark, or is it all hidden in the libpcap library?
I see now that Wireshark and tools do their own processing for nettl and do not use libpcap for reading nettl, of course.
I am going to try to convert it to pcap-ng with libpcap 1.1.1 and assume for now that only one link-layer type is used in the captures I need to process. What tool would you recommend for the conversion?
If I understand correctly, a tool like editcap *could* produce one pcap file for each link-layer type found in the nettl capture, provided the type is supported.
Best regards, Andrej