Hi Vikas, You'll have to provide the source pcap for me to answer that. tcprewrite should work equally well for all Cisco HDLC pcaps- at least the ones I've ever seen.
On Mon, Nov 1, 2010 at 2:32 AM, Vikas Sharma <vsh...@gmail.com> wrote: > Dear Aaron, > > you will recall that we had started with cisco HDLC conversion to ethernet. > > You had specified that we specify the MAC addresses in the conversion > command. > > we used the following command : > > tcprewrite --enet-dmac=00:55:22:AF:C6:37 --enet-smac=00:44:66:FC:29:AF > --infile=input.pcap --outfile=output.pcap > However, when we try to decode output.pcap, we find that only P2P Packets, > and some SSL packets can be decoded. the rest are not decoded (even though > the systems do recognize TCP / UDP / ICMP transport protocols, but do not > decode the actual data). > > Is this because we have not specified the second MAC address for the client > to server traffic ? Can you clarify please. Please provide a sample command > that should work for HTTP Cisco HDLC packets to be converted into ethernet > packets. > > or do we need to specify the cachefile also ? Please provide an example for > the same > > Do we also need to use the --skipbroadcast flag ? Please explain > Regards > Vikas Sharma > > On Sun, Sep 12, 2010 at 11:20 PM, Aaron Turner <synfina...@gmail.com> wrote: >> >> Actually, it's asking you for MAC addresses. Cisco HDLC does not have >> this information in the header and they are required for Ethernet. In >> your case, I recommend you just make them up- any valid MAC address >> will work. >> >> On Sun, Sep 12, 2010 at 4:58 AM, Vikas Sharma <vsh...@gmail.com> wrote: >> > Dear Mr. Aaron Turner, >> > >> > >> > >> > My company is into security systems and had received a few CiscoHDLC >> > pcap >> > files (of 85 MBs each). >> > >> > >> > >> > Our software can only read only Ethernet packets and accordingly we >> > tried to >> > convert the CiscoHDLC pcap files into Ethernet (DLT) by using >> > >> > >> > >> > tcprewrite –dlt=enet --infile=input.pcap --outfile=output.pcap >> > >> > >> > >> > However the system (Ubuntu Lucid) asks for the source IP address and we >> > are >> > not able to provide that since that is not known to us (these are pcap >> > files >> > captured by an Endace DAG card on an OC3, STM line). >> > >> > >> > >> > Please suggest a way to convert CiscoHDLC pcap files into Ethernet pcap >> > files. >> > >> > >> > >> > I have enclosed the protocol stack of the CiscoHDLC pcap file along with >> > this email >> > >> > I await your response, >> > >> > >> > >> > Regards >> > >> > >> > >> > Vikas Sharma >> > >> > >> > ------------------------------------------------------------------------------ >> > Start uncovering the many advantages of virtual appliances >> > and start using them to simplify application deployment and >> > accelerate your shift to cloud computing >> > http://p.sf.net/sfu/novell-sfdev2dev >> > >> > _______________________________________________ >> > Tcpreplay-users mailing list >> > Tcpreplay-users@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users >> > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support >> > >> >> >> >> -- >> Aaron Turner >> http://synfin.net/ Twitter: @synfinatic >> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & >> Windows >> Those who would give up essential Liberty, to purchase a little temporary >> Safety, deserve neither Liberty nor Safety. >> -- Benjamin Franklin >> "carpe diem quam minimum credula postero" >> >> >> ------------------------------------------------------------------------------ >> Start uncovering the many advantages of virtual appliances >> and start using them to simplify application deployment and >> accelerate your shift to cloud computing >> http://p.sf.net/sfu/novell-sfdev2dev >> _______________________________________________ >> Tcpreplay-users mailing list >> Tcpreplay-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support > > -- Aaron Turner http://synfin.net/ Twitter: @synfinatic http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
