Wireshark · Wireshark-dev: [Wireshark-dev] A question regarding text2pcap

Wireshark-dev: [Wireshark-dev] A question regarding text2pcap

From: Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>

Date: Sat, 22 Dec 2012 22:04:14 +0100

Dear all,

after adding support for pcapng to textpcap and fixing the support of the
epb flags word for pcapng, I would like to add to text2pcap the capability
to indicate in the input file per packet, if the packet was sent or received.
text2pcap will than save this in the epb flags word when using pcapng.

My question is how to realize this. One possibility would be to use a directive
#TEXT2PCAP inbound
0000 01 02 03 ....
#TEXT2PCAP outbound
0000 01 03 03 ....

However, I would prefer a solution where the indication of inbound/outbound can
be on the same line as the packet.
(for some reason the producer of the file to be read by text2pcap normally provides
each packet on a single (long) line).

Any idea how to achieve this? Maybe using the directive at the beginning of the
line?

Any hints welcome!

Best regards
Michael

Follow-Ups:
- Re: [Wireshark-dev] A question regarding text2pcap
  - From: Jaap Keuter

Prev by Date: Re: [Wireshark-dev] Capture start and capture stop icons in the toolbar
Next by Date: Re: [Wireshark-dev] Capture start and capture stop icons in the toolbar
Previous by thread: Re: [Wireshark-dev] Win32 GTK3 bundle 3.4.0-3.9 not in current 'tag' ?
Next by thread: Re: [Wireshark-dev] A question regarding text2pcap
Index(es):
- Date
- Thread