On Jun 19, 2011, at 3:51 PM, Andrej van der Zee wrote:
> I just found the nettl files I am facing have packets with two
> different encapsulation types:
> * Ethernet with nettl headers
> * Raw IP with nettl headers
>
> Is there a way to convert either Ethernet to Raw IP or visa versa so
> that I end up with one encapsulation type?
Well, there are two possibilities here:
1) use pcap-ng, and convert "Ethernet with nettl headers" to Ethernet and convert "Raw IP with nettl headers" to raw IP by discarding the nettl headers in both cases;
2) use pcap, and convert "Ethernet with nettl headers" to raw IP by discarding the nettl headers, discarding packets with a length field rather than a linktype and with Ethertypes other that 0x0800 and 0x86dd, and discarding the Ethernet header, and convert "Raw IP with nettl headers" to raw IP by discarding the nettl headers.