Dear Martin,

Thank you very much for your kind reply. The difficulty in my case is that I only have access to TCPDUMP's ASCII output, the "playback" of a pcap trace, of the following form:

...
1068290793.846948 X.X.X.X.Y > X.X.X.X.Y: udp 116 (DF) (ttl 46, id 0, len 144)
1068290793.851850 X.X.X.X.Y > X.X.X.X.Y: P [tcp sum ok] 723881836:723881848(12) ack 2144666878 win 57848 <nop,nop,timestamp 2895874309 1272161798> (DF) (ttl 42, id 42545, len 64)
...

which I must convert back into the original, binary libpcap trace. It is admittedly a bit different from converting a hex pcap dump.

Would you happen to know of any tools that could help me?

Please CC: me in the reply as I am on the tcpdump-nomail list...

Thanks,
Stan

On Mon, 2003-11-17 at 12:13, Martin Regner wrote:
> Please note that Ethereal can handle a lot of different capture file
> formats, so if you need to transfer from
> one format to another there could be support for that
>
> What program have you done the capturing with?
>
> http://www.ethereal.com/introduction.html#features
>
> Ethereal can read capture files from tcpdump (libpcap), NAI's Sniffer™
> (compressed and uncompressed), Sniffer™ Pro, NetXray™, Sun snoop and
> atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network
> Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl,
> i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log
> (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek,
> or Visual Networks' Visual UpTime. It can also read traces made from
> Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text
> output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS.
> Any of these files can be compressed with gzip and Ethereal will decompress
> them on the fly.
>
> There are also some perl scripts and similar available to convert from
> other formats.
>
>
> ----- Original Message -----
> From: "Martin Regner" <[EMAIL PROTECTED]>
> To: "Stanislav Rost" <[EMAIL PROTECTED]>
> Sent: Monday, November 17, 2003 6:06 PM
> Subject: Re: [tcpdump-workers] Tcpdump: ASCII -> binary trace conversion,
> any tools?
>
>
> > If you have hex output of the packet contents in the ASCII file then you
> > could use the text2pcap
> > program included in Ethereal distribution to create a tcpdump/libpcap
> > file.
> >
> > 0000  ff ff ff ff ff ff 00 07 0d b3 e4 0a 08 06 00 01   ................
> > 0010  08 00 06 04 00 01 00 07 0d b3 e4 0a d5 59 8c 01   .............Y..
> > 0020  00 00 00 00 00 00 d5 59 8f 82 00 00 00 00 00 00   .......Y........
> > 0030  00 00 00 00 00 00 00 00 00 00 00 00               ............
> >
> >
> > 0000  ff ff ff ff ff ff 00 07 0d b3 e4 0a 08 06 00 01   ................
> > 0010  08 00 06 04 00 01 00 07 0d b3 e4 0a d5 59 8c 01   .............Y..
> > 0020  00 00 00 00 00 00 d5 59 8f 84 00 00 00 00 00 00   .......Y........
> > 0030  00 00 00 00 00 00 00 00 00 00 00 00               ............
> >
> >
> > 0000  ff ff ff ff ff ff 00 07 0d b3 e4 0a 08 06 00 01   ................
> > 0010  08 00 06 04 00 01 00 07 0d b3 e4 0a d5 59 8c 01   .............Y..
> > 0020  00 00 00 00 00 00 d5 59 8f 86 00 00 00 00 00 00   .......Y........
> > 0030  00 00 00 00 00 00 00 00 00 00 00 00               ............
> >
> >
> > ----- Original Message -----
> > From: "Stanislav Rost" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, November 17, 2003 5:51 PM
> > Subject: [tcpdump-workers] Tcpdump: ASCII -> binary trace conversion, any
> > tools?
> >
> >
> > > Hi,
> > >
> > > I was just wondering if you were aware of any tools that could convert
> > > from the ASCII output of tcpdump into the original binary form. I have
> > > a set of unique traces which are unfortunately in the wrong format for
> > > our tools to read them, and must process them rather urgently.
> > >
> > > Please Cc: me in the reply as I am on tcpdump-nomail...
> > >
> > > Much obliged,
> > >
> > > Stan Rost
> > >
> > >
> > > -
> > > This is the TCPDUMP workers list. It is archived at
> > > http://www.tcpdump.org/lists/workers/index.html
> > > To unsubscribe use mailto:[EMAIL PROTECTED]
> >
> >

--
Stanislav Rost <[EMAIL PROTECTED]>
Laboratory for Computer Science, MIT

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]
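An added example, not part of the original thread and not code from either poster or from tcpdump/Ethereal: a sketch of how the UDP summary lines quoted in the message above can be turned back into a libpcap file by rebuilding the IPv4 and UDP headers from the printed fields. Assumptions: the function names are hypothetical, the sample addresses are constructed (the thread's are anonymised), the payload is zero-filled because the text output does not contain it, TCP lines are skipped, and the file uses LINKTYPE_RAW (101) since no link-layer header was printed.

```python
import io, re, socket, struct

# Matches the verbose UDP summary format quoted in the message.
UDP_LINE = re.compile(
    r"(\d+)\.(\d{6}) (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"udp (\d+)( \(DF\))? \(ttl (\d+), id (\d+), len (\d+)\)")

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones' complement sum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rebuild_udp(line: str):
    """Return (sec, usec, packet_bytes), or None if the line is not a UDP summary."""
    m = UDP_LINE.search(line)
    if not m:
        return None
    sec, usec, src, sport, dst, dport, paylen, df, ttl, ipid, iplen = m.groups()
    paylen, iplen = int(paylen), int(iplen)
    if iplen != 20 + 8 + paylen:   # IP options or a fragment: not rebuildable here
        return None
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, iplen, int(ipid),
                       0x4000 if df else 0, int(ttl), 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
    head = head[:10] + struct.pack("!H", ip_checksum(head)) + head[12:]
    # UDP checksum 0 means "not computed"; the real one depended on the lost payload.
    udp = struct.pack("!HHHH", int(sport), int(dport), 8 + paylen, 0)
    return int(sec), int(usec), head + udp + bytes(paylen)

def text_to_pcap(lines) -> bytes:
    out = io.BytesIO()
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, LINKTYPE_RAW.
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101))
    for line in lines:
        pkt = rebuild_udp(line)
        if pkt:
            sec, usec, data = pkt
            out.write(struct.pack("<IIII", sec, usec, len(data), len(data)) + data)
    return out.getvalue()

# Constructed sample line: field values from the thread, made-up addresses and ports.
SAMPLE = ["1068290793.846948 192.0.2.1.5000 > 198.51.100.2.6000: "
          "udp 116 (DF) (ttl 46, id 0, len 144)"]
```

The result preserves timestamps, addresses, ports, TTL, IP id and lengths, which is enough for flow and timing analysis but not for anything that inspects payload bytes.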
