Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] A question regarding text2pcap

From: Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Tue, 25 Dec 2012 23:38:29 +0100
On Dec 23, 2012, at 9:42 PM, Jaap Keuter wrote:

> Hi,
> 
> Well, from my days working on the File|Import function I can remember that this is the (proposed) option format. But if you want to define a per-packet parameter then an in-line tag should be fine. Think of a variant of the timestamp, now parametrized by -t <fmt>. So you could use something like -D (for direction) to allow 'ingress'/'inbound' and 'egress'/'outbound' to indicate direction (P2P_DIR_*).
Hi Jaap,

using the preamble is a good idea. Thank you very much!
Implemented in r46744.

Best regards
Michael
> 
> Thanks,
> Jaap
> 
> On 12/22/2012 10:04 PM, Michael Tuexen wrote:
>> Dear all,
>> 
>> after adding support for pcapng to textpcap and fixing the support of the
>> epb flags word for pcapng, I would like to add to text2pcap the capability
>> to indicate in the input file per packet, if the packet was sent or received.
>> text2pcap will than save this in the epb flags word when using pcapng.
>> 
>> My question is how to realize this. One possibility would be to use a directive
>> #TEXT2PCAP inbound
>> 0000 01 02 03 ....
>> #TEXT2PCAP outbound
>> 0000 01 03 03 ....
>> 
>> However, I would prefer a solution where the indication of inbound/outbound can
>> be on the same line as the packet.
>> (for some reason the producer of the file to be read by text2pcap normally provides
>> each packet on a single (long) line).
>> 
>> Any idea how to achieve this? Maybe using the directive at the beginning of the
>> line?
>> 
>> Any hints welcome!
>> 
>> Best regards
>> Michael
> 
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>