On Mar 4, 2013, at 1:02 PM, Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx> wrote:
>> What's the underlying link-layer type for the packets in your rf5 file?
>
> good bad ol' E.1/MTP2 (I am almost tempter to add "of course" here)
And can tcpreplay replay MTP2 files? Are there any links to which it can write?
>> Let the user read a text file containing raw packet data in hex-dump form without requiring them to go to the command line and run text2pcap.
>
> Uhm, maybe I am slow wit here but we have SS7 MTP2, MTP3, SCCP there so as NOT text-based protocols as one can imagine or do I miss something?
Yes, you're missing something.
"Text file containing raw packet data in hex-dump form" doesn't mean "text file containing text from a text-based protocol", it means "text file containing text such as
0000: FF FF FF FF FF FF 00 01 02 03 04 05 08 00 45 00
..."
It interprets that text as an (optional?) offset and a bunch of hex representations of byte values, and converts the hex representations of byte values to binary byte values and interprets those binary byte values as packets with the link-layer encapsulation type specified by the user (so that, if the link-layer encapsulation type were specified as Ethernet - which is *another* one of the values supported, and which is *also* not a text-based protocol - that packet would look like an IPv4 broadcast packet from MAC address 00:01:02:03:04:05).
> Then again, if SS7 MTP2 is supported can we just "strip" somehow K-12's overhead here and run text2pcap on whatever reamins there?
If you have a *text* file - i.e., *NOT* an rf5 file, which is a *binary* file - then you could probably edit it into some form that could be run through either
1) text2pcap
or
2) the File -> Import code
and produce a file with a LINKTYPE_MTP2 encapsulation.