Wireshark-users: Re: [Wireshark-users] LAPD decode problem

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 17 Jul 2009 12:25:37 -0700

On Jul 17, 2009, at 6:59 AM, Harvey, James B. wrote:

> I have traces captured by an Agilent J2300 Advisor. The protocol is FTAM over CLNP over LAPD.

FTAM running over an ISDN D-channel?

> The Advisor decodes LAPD but no higher. I have not found a way to convert these trace files to .PCAP directly

Do you have any documentation on the Advisor trace file format?

If not, do you have any Advisor trace files along with a printout of the dissection of the files?

If you have either or both of them, we might be able to make Wireshark capable of reading at least some of those files.

> so I print to file the capture hex only, then massage the print file with TCL to get something I can feed to text2pcap. Looks like this:
>
> 	...
>
> This is an FTAM data PDU, a LAPD ack, and I think an FTAM ack. Text2pcap does convert,

What link-layer type did you use? (I.e., what value did you pass to the "-l" flag when you ran text2pcap?)