
Ethereal-users: Re: [Ethereal-users] using ethereal to decode dtap packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ken williams <ken@xxxxxxxxx>
Date: Wed, 15 Jun 2005 08:51:42 +0100
Thanks for the info.

I tried some of the captures on the link that you suggested and they were
decoded once I had enabled the protocols.

Now let me see if I have got this right.
text2pcap uses the library Wiretap in order to interpret the protocols and that
the GSM protocols are not in the library and therefore it will not work.
I need to add gsm support to the library in order to use the text2pcap program.

I assume then that text2pcap adds a protocol identifier in the pcap file.

I am using a binary distro for Windows at the moment but am attempting to build
Ethereal on Linux at home so that I can debug.

Thanks again
Ken


Quoting Guy Harris <gharris@xxxxxxxxx>:

> Williams, Ken wrote:
> 
> > I am attempting to use ethereal to decode a proprietary trace from one of
> > our mobile phones.
> > I have written a script that converts the trace to a hex dump suitable for
> > the text2pcap program.
> > I have run the text2pcap program and produced a pcap file.
> > I have set the gsm dcap setting in the enabled protocols.
> > Having done this, ethereal will read in the packets and display them. The
> > problem is that it will not decode them. I just get UNKNOWN WTAP_ENCAP = 1.
> 
> What happens if you try to read an ordinary Ethernet capture?  (If you 
> don't have any, see
> 
> 	http://wiki.ethereal.com/SampleCaptures
> 
> for some samples.)
> 
> You probably ran text2pcap without the "-l" flag, in which case the 
> capture file text2pcap generates is an Ethernet capture.  However, 
> neither with a real Ethernet capture nor with the capture you generated 
> should you get a protocol of "UNKNOWN" and an info column of "WTAP_ENCAP 
> = 1" - and you'll probably get that with both captures if you're getting 
> it with one of them.
> 
> If you get that error with all captures, did you install a binary 
> distribution of Ethereal, or are you running a version you built from 
> source?
> 
> Even if you fix that problem, however, you still won't be able to handle 
> your capture unless it contains traffic of a type the libpcap file 
> format supports - and raw GSM protocols aren't of that type.
> 
> You might want to add to Wiretap (the library that comes with Ethereal 
> and that it uses to read capture files) support for that type of raw GSM 
> traffic, and to read the traces your mobile phones generate.
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> 
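
Added example, not part of either message above and not Ethereal's own code: the thread turns on what the pcap file says about its contents, so this Python sketch reads the link-layer type field from a classic pcap file header, which is the value text2pcap's "-l" flag sets and which is Ethernet (1) when the flag is omitted. The function names `pcap_linktype` and `make_pcap` are hypothetical, and the sample bytes are constructed.

```python
import struct

# Link-layer type numbers from the tcpdump.org registry (subset).
LINKTYPES = {0: "NULL", 1: "ETHERNET", 101: "RAW", 113: "LINUX_SLL"}
LINKTYPES.update({147 + i: f"USER{i}" for i in range(16)})  # private use

# Classic pcap magic numbers: microsecond and nanosecond timestamps.
MAGICS = (0xA1B2C3D4, 0xA1B23C4D)


def pcap_linktype(data: bytes):
    """Return (byte_order, linktype, name) from a classic pcap file header."""
    if len(data) < 24:
        raise ValueError("truncated pcap file header (need 24 bytes)")
    for order in ("<", ">"):  # the writer's byte order is not fixed
        magic, major, minor, _zone, _sigfigs, _snaplen, network = struct.unpack(
            order + "IHHiIII", data[:24])
        if magic in MAGICS:
            break
    else:
        raise ValueError("bad magic: not a classic pcap file")
    if major != 2:
        raise ValueError(f"unsupported pcap version {major}.{minor}")
    return order, network, LINKTYPES.get(network, "not in table")


def make_pcap(linktype: int, order: str = "<") -> bytes:
    """Constructed sample: file header plus one 4-byte packet record."""
    header = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    payload = bytes.fromhex("05240301")  # constructed bytes, not a real trace
    record = struct.pack(order + "IIII", 0, 0, len(payload), len(payload))
    return header + record + payload


if __name__ == "__main__":
    for sample in (make_pcap(1), make_pcap(147, ">")):
        print(pcap_linktype(sample))
```

The header carries one link-layer type for the whole file, so every packet in it is handed to the dissector registered for that type, whatever bytes the records actually hold.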

