Wireshark-users: Re: [Wireshark-users] ISDN Layer 3 decode

From: "Keith French" <keithfrench@xxxxxxxxxxxxx>
Date: Sat, 22 Oct 2011 19:13:38 +0100
The software that I would really like to load into Wireshark is Aethra's PC_108XP. This software serves as the expert software for many of their analysers, and I think now that the "Export to Ethereal" option (I take your point about the possible age of formats here) is only for their ADSL & Ethernet analysers, not my ISDN & Q.Sig analyser. Capinfos cannot open its native .aps format; using the Export to Ethereal to a .cap shows up in capinfos as:

File name: C:\Users\Keith\Desktop\Environment Agency\QSig Traces\test.cap
File type:           Wireshark/tcpdump/... - libpcap
File encapsulation:  OpenBSD PF Firewall logs, pre-3.4
Packet size limit:   file hdr: 65535 bytes
Number of packets:   83531
File size:           2506192 bytes
Data size:           1169672 bytes
Capture duration:    58678 seconds
Start time:          Fri Sep 30 00:00:03 2011
End time:            Fri Sep 30 16:18:01 2011
Data byte rate:      19.93 bytes/sec
Data bit rate:       159.47 bits/sec
Average packet size: 14.00 bytes
Average packet rate: 1.42 packets/sec
SHA1:                7aa7ce58093463bd11982bbcdc1c39e39d748be2
RIPEMD160:           f79a3d30c8c0dd243d30862d16b0e09edf8a5d8c
MD5:                 6fc2c284d73001665fb1b9516a089b92
Strict time order:   True

Hence why I think my best bet (if it is even possible) is to take the Layer 3 hex (and L2 if needed) & somehow use text2pcap to try & load it into Wireshark.

The other analyser that I have borrowed that can output its D channel decode to Wireshark is called a "Mty Eye" from MOESARC TECHNOLOGY UK LTD. As I mentioned before, it uses a .TRC file, which Wireshark can read, and running capinfos on it shows:

File name: C:\Users\Keith\Documents\Mty Eye Analyser\Lab Traces\Mty Eye QSig Trace.trc
File type:           EyeSDN USB S0/E1 ISDN trace format
File encapsulation:  Per packet
                      ISDN
                      EyeSDN Layer 1 event
                      Digital Private Signalling System No 1 Link Layer
Packet size limit:   file hdr: (not set)
Number of packets:   4225
File size:           85527 bytes
Data size:           30414 bytes
Capture duration:    9105 seconds
Start time:          Mon Sep 28 10:33:31 2009
End time:            Mon Sep 28 13:05:16 2009
Data byte rate:      3.34 bytes/sec
Data bit rate:       26.72 bits/sec
Average packet size: 7.20 bytes
Average packet rate: 0.46 packets/sec
SHA1:                dd9e38034ca5394df88e31a1fbcc036ae5dccd7c
RIPEMD160:           59f0380474a80ab6ffcef39c1d860b61bd0f8db7
MD5:                 87542e18a170ebc68eb052158e61daca
Strict time order:   False



-----Original Message-----
From: Guy Harris
Sent: Friday, October 21, 2011 11:45 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] ISDN Layer 3 decode


On Oct 21, 2011, at 2:27 PM, Keith French wrote:

> It does have an Export option to Ethereal, but all packets show up as malformed.

"Ethereal"? If it really says "Ethereal", it probably dates back before the introduction of the pcap link-layer types LINKTYPE_LAPD etc.; the only pcap encapsulation that a release called "Ethereal" supported (the last release called "Ethereal" was 0.99.0) was LINKTYPE_LINUX_LAPD.

What does capinfos say about the exported-to-Ethereal files?

> It can be saved in its own format (which I would think is highly protected) being a commercial product,

Well, some vendors of commercial network analyzers publish their capture file format, and others don't, but it might be possible to reverse-analyze the format. Who are the two vendors in question?

> or in CSV or Text. The other analyser I mentioned that uses Wireshark saves its D channel decodes in TRC format.

What's "TRC format"?
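
Added example (not part of the original messages, and not code from Wireshark or either analyser vendor): one way to carry exported Layer 2/Layer 3 hex into a file Wireshark can open as LAPD is to write the pcap container directly with link-layer type LINKTYPE_LAPD (203), the same number that would be passed to text2pcap's `-l` option. The frame bytes, the function names and the one-frame-per-line input layout are assumptions constructed for illustration.

```python
import io
import struct

LINKTYPE_LAPD = 203            # pcap link-layer type for raw LAPD (Q.921) frames
PCAP_MAGIC = 0xA1B2C3D4        # microsecond-resolution pcap, written little-endian
GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, ver 2.4, zone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, captured len, original len

# Constructed sample input: one frame per line, '#' starts a comment.
SAMPLE = """
00 01 00 00 08 01 01 05   # constructed: LAPD I-frame carrying a Q.931 SETUP header
00 01 01 02               # constructed: LAPD supervisory (RR) frame
"""

def parse_hex_frames(text):
    """Turn a hex listing into a list of frame byte strings."""
    frames = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            frames.append(bytes.fromhex(line))
    return frames

def write_pcap(out, frames, linktype=LINKTYPE_LAPD, start_ts=0):
    """Write frames to a binary stream as a pcap file, one second apart."""
    out.write(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype))
    for i, frame in enumerate(frames):
        out.write(RECORD_HDR.pack(start_ts + i, 0, len(frame), len(frame)))
        out.write(frame)

def read_linktype(data):
    """Return the link-layer type stored in a pcap global header."""
    magic, _maj, _min, _zone, _sig, _snap, network = GLOBAL_HDR.unpack_from(data)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    return network

def build_sample():
    """Build the sample capture in memory and return its bytes."""
    buf = io.BytesIO()
    write_pcap(buf, parse_hex_frames(SAMPLE))
    return buf.getvalue()

if __name__ == "__main__":
    with open("lapd_sample.pcap", "wb") as fh:   # hypothetical output name
        fh.write(build_sample())
```

`read_linktype` can also be pointed at the first 24 bytes of an exported .cap to see which link-layer number the exporter actually wrote.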