Ethereal-dev: Re: [Ethereal-dev] Can we decode hex dumps?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 26 Apr 2001 16:21:15 -0700 (PDT)
> I am also somewhat unwilling to implement a method which requires the user to
> manually edit the file; I would stay away from it unless nothing else is
> possible.

If the file doesn't say "this contains RSVP packets", and there's no way
for a program to infer that it does, some human will have to *somehow*
tell some piece of software that the file's contents are to be
interpreted as RSVP.

> Another option is not to put this in wiretap, but rather to have a menu option
> directly in Ethereal which allows the user to "Import hex dump". When the user
> selects this, he sees a dialog wherein he can specify the protocol and layer,
> and fake headers are automatically added as required.

Yet another option is not to put this into Ethereal, period, but to have
a separate program that reads hex dumps and generates libpcap dump files
with fake Ethernet and IP headers - or, given that one capture type in
libpcap is DLT_RAW, meaning "no link-layer headers, just raw IPv4
headers", generates DLT_RAW capture files with fake IP headers.