Ethereal-users: Re: [Ethereal-users] AAL5 CRC decoding

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 12 May 2004 02:35:40 -0700

On Wed, May 12, 2004 at 10:13:42AM +0100, Serge L'Hermitte wrote:
> - whether there is a tool to convert the raw packet decode into one of the 2
> formats you are specifying (Already tried to google a bit unsuccessfully)

I don't know of any.

> - or if a tool does not exist, if we know the format of the capture files of
> Endace or Windows sniffer so I can artificially generate one with a bit of
> perl ;-).

The Windows Sniffer format isn't documented; code to read it is in
wiretap/netxray.c.  It was constructed by reverse-engineering the file
format.

I don't know of any document for the Endace ERF file format - try
www.endace.com - but code to read it is in wiretap/erf.c and
wiretap/erf.h.  That code was constructed by Endace.

I think, from the "constructed by" sentences, you can guess which format
I'd recommend. :-)  The layout of the data structures in ERF files is
in wiretap/erf.h - but look at the .c file as well.