Ethereal-dev: Re: [Ethereal-dev] Can we decode hex dumps?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Gilbert Ramirez" <gram@xxxxxxxxxx>
Date: Thu, 26 Apr 2001 18:21:01 -0500
----- Original Message -----
From: "Ashok Narayanan" <ashokn@xxxxxxxxx>
To: "Gilbert Ramirez" <gram@xxxxxxxxxx>
Cc: <ethereal-dev@xxxxxxxxxxxx>
Sent: Thursday, April 26, 2001 6:13 PM
Subject: Re: [Ethereal-dev] Can we decode hex dumps?


>
> I am somewhat enamored with the fake header idea. Inserting fake L2 and L3
> headers allows us to do this for every protocol; we don't have to go and
> modify all the protocol dissectors. I'm sure many of them are looking at
> *pinfo.

But they probably use the data in pinfo to determine something, so a
reasonable fake header would have to be used.

>
> I am also somewhat unwilling to implement a method which requires the user
to
> manually edit the file; I would stay away from it unless nothing else is

So how does the bootstrapping work? Does wiretap return a
WTAP_ENCAP_UNKNOWN for every single packet? Then the user
specifies fake headers to prepend to the packet, for every single packet?

The better approach is, as you have implemented in the parser you talk
about, allow the user to specify at least a default encap type by adding it
to the top of the hex dump file. But if I have a hex dump with multiple
link layer types (like the Toshiba ISDN router hex dump), I should
be able to specify an encapsulation type for each packet. And if
I'm allowed to do that, I might as well say "this packet starts at RSVP".

--gilbert