Christopher Maynard wrote: >Alex Lindberg <alindber@...> writes: > >> Has anyone created a utility to convert the output of tshark -V to pcap >> files? > >I think text2pcap is the logical utility to do this. Unfortunately, it doesn't >work if the summary information is present, but if you can strip out that >stuff, >then it should work. There is a bug open for enhancing text2pcap to deal with >the summary information: >https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1636
I've done something similar with a different kind of text-based dump. In that, I wrote a python script to perform a minimal transformation to the input file to make it palatable to text2pcap and then converted the timestamps and added fake TCP (and underlying) headers like so: "C:\python26\python.exe" mydump2pcap.py %1 |"C:\Program Files\Wireshark"\text2pcap -t "%%Y-%%m-%%dT%%H:%%M:%%S." -T 2222,40000 - %1.pcap That's the Windows batch file version. The bash script is a little cleaner syntax, but essentially the same thing. Ed ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
