Wireshark · Wireshark-users: Re: [Wireshark-users] Nettl HP-UX

Wireshark-users: Re: [Wireshark-users] Nettl HP-UX

From: Andrej van der Zee <andrejvanderzee@xxxxxxxxx>

Date: Mon, 20 Jun 2011 09:37:27 +0200

>
> If you're willing to modify editcap, you could try making a special modified version of it that maps WTAP_ENCAP_NETTL_RAW_IP and WTAP_ENCAP_NETTL_ETHERNET to WTAP_ENCAP_RAW_IP, and, for WTAP_ENCAP_NETTL_ETHERNET packets, discards non-IP packets (don't write them out) and strips off the first 14 bytes of packet data.
>

Thanks for your help, I got a working version now converting to
pcap-format with encapsulation type for Ethernet, generating a bogus
ether header for type IPv4. In the end it was just a few lines of code
in libpcap.c and pcap-common.c.

Cheers,
Andrej

References:
- [Wireshark-users] Nettl HP-UX
  - From: Andrej van der Zee
- Re: [Wireshark-users] Nettl HP-UX
  - From: Guy Harris
- Re: [Wireshark-users] Nettl HP-UX
  - From: Andrej van der Zee
- Re: [Wireshark-users] Nettl HP-UX
  - From: Andrej van der Zee
- Re: [Wireshark-users] Nettl HP-UX
  - From: Guy Harris
- Re: [Wireshark-users] Nettl HP-UX
  - From: Guy Harris
- Re: [Wireshark-users] Nettl HP-UX
  - From: Andrej van der Zee
- Re: [Wireshark-users] Nettl HP-UX
  - From: Guy Harris
- Re: [Wireshark-users] Nettl HP-UX
  - From: Guy Harris
- Re: [Wireshark-users] Nettl HP-UX
  - From: Andrej van der Zee
- Re: [Wireshark-users] Nettl HP-UX
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] Nettl HP-UX
Next by Date: [Wireshark-users] Lua, all_field_infos
Previous by thread: Re: [Wireshark-users] Nettl HP-UX
Next by thread: Re: [Wireshark-users] Nettl HP-UX
Index(es):
- Date
- Thread