On Mon, Mar 23, 2009 at 4:08 PM, Guy Harris <[email protected]> wrote:
> > On Mar 23, 2009, at 8:33 AM, SOLTANI FATEN wrote: > > > As you know, Wireshark is able to read a catapult format (DCT2000), > > I want to know HOW? By conversion from DCT200 format to pcap format, > > or there is some modification which were made in Wireshark library > > to make it able to read this format? > > There are modifications in one of the Wireshark libraries (there's > more than one of them). The Wiretap library, which reads capture > files, includes modules to support many capture files, including pcap > format, classic DOS Sniffer format, NetXRay/Windows Sniffer format, > Microsoft Network Monitor format - and Catapult DCT2000 format. > > _ > Also note that its not generally possible to convert DCT2000 format files to pcap format. - there is often not a corresponding pcap encapsulation for DCT2000 protocols - DCT2000 files can include an arbitrary mixture of protocols, whereas pcap files (always?) have a single encapsulation type. I can't remember exactly what the restriction here is... There is still some information in the file format that can't easily be imported into Wireshark (e.g. error messages), and looking at your sample, you would also need to skip lines that don't correspond to frames that have a timestamp and frame data that can be fed info a wireshark dissector. Martin > __________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
