Wireshark · Ethereal-dev: Re: [Ethereal-dev] First version of text2pcap is now available

Ethereal-dev: Re: [Ethereal-dev] First version of text2pcap is now available

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ashok Narayanan <ashokn@xxxxxxxxx>

Date: Wed, 16 May 2001 18:22:31 -0400

On Wed, 16 May 2001 15:14:19 -0700 (PDT), Guy Harris <guy@xxxxxxxxxx> wrote:

> > I've just committed the first version of text2pcap to the repository.
> 
> You may want to update the top level Makefile.nmake file, to build it on
> Windows as well.

Okay. I don't have any way to actually do this, so can somebody do a test
build on Windows before I check in? Also, how is the documentation built for
Windows?

> > There is a man page (built from doc/text2pcap.pod).
> 
> It says:
> 
>      -e	l3pid
> 	 Include a dummy Ethernet header before	each packet.
> 	 Specify the L3PID for the Ethernet header in hex. Use
> 	 this option if	your dump is an	IP packet with IP header
> 	 and payload, but no Layer 2 encapsulation.
> 
> If your dump has only IP packets, and no link-layer headers, you could
> just make it a DLT_RAW libpcap file, with the "-l" flag.

I didn't know about this feature. Do you think it's worth removing the support
for the fake Ethernet headers altogether? Or should I just make a note in the
documentation? What I really need for my application is a fake IP header.

> (Perhaps the "-l" flag should also take, as arguments, symbolic names,
> for the benefit of those of us who don't happen to have memorized the
> numerical value of DLT_RAW.  :-))

Yeah, this was a classic cop-out on my part. I really wanted to quickly add
this feature but didn't want to define a set of mnemonics. I'll do that in the
next release :-)

> It then says:
> 
>          Example: -e 0x806 to specify an ARP packet.
> 
> If your dump has one or more ARP packets in it, it's presumably not an
> IP packet, so the description of the reason to use "-e" should perhaps
> not speak of using it mainly for IP captures.

Yeah, the text is probably not accurate. It applies to any L3-only dump that
has a valid Ethernet encapsulation. I can correct this.

-Ashok

--- Asok the Intern ----------------------------------------
Ashok Narayanan
IOS Network Protocols, Cisco Systems
250 Apollo Drive, Chelmsford, MA 01824
Ph: 978-244-8387.  Fax: 978-244-8126 (Attn: Ashok Narayanan)

Follow-Ups:
- Re: [Ethereal-dev] First version of text2pcap is now available
  - From: Guy Harris
- Re: [Ethereal-dev] First version of text2pcap is now available
  - From: Guy Harris

References:
- [Ethereal-dev] First version of text2pcap is now available
  - From: Ashok Narayanan
- Re: [Ethereal-dev] First version of text2pcap is now available
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] First version of text2pcap is now available
Next by Date: Re: [Ethereal-dev] First version of text2pcap is now available
Previous by thread: Re: [Ethereal-dev] First version of text2pcap is now available
Next by thread: Re: [Ethereal-dev] First version of text2pcap is now available
Index(es):
- Date
- Thread