Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] creating a PCAP file from unencapsulated MTP3 traces

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Thu, 5 May 2005 17:56:26 +0200
Hi Luis,

for MTP2 it is very simple. You can just have the MTP2 message
as the packet in a libpcap file with DLT value of 140. If you put

0000 77 77 00
0000 77 78 01 02
0000 77 79 02 03 04

in a file with name mtp2.txt with the command

text2pcap -l 140 mtp2.txt mtp2.pcap

you can process it with ethereal.

If you put MTP3 packets in the file you need to
use the -l 142 option.

I hope this helps.

Best regards
Michael

On May 5, 2005, at 4:33 PM, LEGO wrote:


Hi,
I got MTP3 messages taken directly from a trace in a network element
(just unencapsulated MTP3 with timestamps). I'm writing a script to
import these into ethereal.

I've already created a script that fits the mtp3 message over
m3ua/sctp/ip/eth but I find it cumbersome to add that much data to
decode mtp3 and it's payload since I noticed Wiretap has already an
mtp2 "encapsulation".  So far I haven't been able to figure out which
format to use.

How the MTP2 file is formatted?

Thanks,

Luis

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube