Ethereal-dev: Re: [Ethereal-dev] Trying to add new format file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Miklos Szurdi <szurdimiklos@xxxxxxxxx>
Date: Wed, 17 Nov 2004 08:46:42 -0800 (PST)
I will try to summarize this thing for you:
a small how-to on this, as it may be interesting for others too
 
there is a readme on this in the wiretap library (README.developer)
as it says, it is very short and very dirty....but very useful!!!!!!
you have to write two files:
 
your_dumpfile.h
 
this has to look exactly like radcom.h, for example
 
your_dumpfile.c
 
this has to look very similar to radcom.c, for example
 
(these radcom files with little c coding knowledge are easy to interpret)
 
 
you need to write into three existing files (in wiretap):
/****************************************/
In file_access.c, add your header file to this list:
 
#include "wtap-int.h"
...
#include "network_instruments.h"
#include "your_dumpfile.h" /*this is your header file*/
 
and to this:
 
static int (*const open_routines[])(wtap *, int *, char **) = {
 /* Files that have magic bytes in fixed locations. These
  * are easy to identify.
  */
 libpcap_open,
 ...
 airopeek9_open,
 your_dumpfile_open, /*if your dump file uses some magic number; if not, then you still have to put it in the same array but somewhere else...it is evident from file_access.c */
}
 
 dump_open_table[WTAP_NUM_FILE_TYPES] = {
 /* WTAP_FILE_UNKNOWN */
 { NULL, NULL,
   NULL, NULL },
 ....
 /* WTAP_FILE_YOUR_DUMPFILE */
 { NULL, NULL,
   NULL, NULL },
}
/********************************/
wiretap.h
what you should do with this file is in the readme
....
#define WTAP_FILE_EYESDN   39
#define WTAP_FILE_YOUR_DUMPFILE    40
/* last WTAP_FILE_ value + 1 */
#define WTAP_NUM_FILE_TYPES   41 /*don't forget to add one to this...*/
....
/*********************************/
Makefile.common
find where radcom.c and radcom.h are and add yours to the same place...very obvious
on Linux you may have to run automake, autoconfig, and aclocal or something...I can't remember this part:(
 
"tricks" (no tricks just timesaving small things) not in wiretap/README.developer
 
in the your_dumpfile_open function:
 
 wth->file_type = WTAP_FILE_YOUR_DUMPFILE;
 wth->file_encap = WTAP_ENCAP_SOMETHING; /*that should be something that is the basic protocol that your dump file has...not the dump file's own format...the possibilities are in the wtap.h file*/
 wth->subtype_read = your_dumpfile_read;
 wth->subtype_seek_read = your_dumpfile_seek_read;
 wth->phdr.pkt_encap = wth->file_encap; /*this should be set to this...don't know why*/
 wth->snapshot_length = 0;
in function your_dumpfile_read(....long *data_offset...)
 
this value has to be set for the seek_read function to find the packet...
 
that is it for me....
 
radcom.c was a very easy to follow example for me...so I hope it will be for you

Gilbert Ramirez <gilbertr@xxxxxxxxx> wrote:
Like I've said before, if the file you're reading is a hex-dump text
file, then your easiest option is to try to convert it to a pcap file
using text2pcap, a program that comes with ethereal. text2pcap has a
lot of options, but if the hexdump format cannot be read by text2pcap,
another option is to write a small program to convert your hexdump
format to a format that *is* readable by text2pcap. I did this for a
netscreen hexdump file... see tools/netscreen2dump.py in the ethereal
SVN repository (I don't think it's in 0.10.7)

--gilbert


On 17 Nov 2004 13:52:31 -0000, harsha ss wrote:
>
>
>
> Hi all,
> I am using the ethereal 0.10.7 version on a linux machine.
> I want ethereal to read a file of a different format with a mix of
> ascii and hex messages. Ethereal gives unknown format when reading such files.
> Please, can anyone give a suggestion to read such files and display the file
> contents in the ethereal window.
>
> regards
> Harsha
>
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
>
>
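
The converter approach Gilbert describes, as an added example that is not part of the original thread and is not netscreen2dump.py: a small Python program that turns a mixed ASCII/hex log into the offset-plus-hex-bytes text that text2pcap reads, where each packet restarts at offset 000000. The "MSG n dir len=N" input format, the sample bytes and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample input: an ASCII header line per message, then indented hex lines.
SAMPLE = """# constructed capture log
MSG 1 rx len=20
 45 00 00 14 00 01 00 00
 40 01 f9 e6 7f 00 00 01
 7f 00 00 01
MSG 2 tx len=4
 de ad be ef
"""

HEADER = re.compile(r"^MSG\s+\d+\s+\w+\s+len=(\d+)\s*$")
HEX_LINE = re.compile(r"^\s+((?:[0-9A-Fa-f]{2}\s*)+)$")

def parse_messages(text):
    """Return one bytes object per message; reject anything malformed."""
    msgs = []  # list of (declared_len, bytearray)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = HEADER.match(line)
        if m:
            msgs.append((int(m.group(1)), bytearray()))
            continue
        m = HEX_LINE.match(line)
        if not m or not msgs:
            raise ValueError(f"line {lineno}: not a header or hex line: {line!r}")
        msgs[-1][1].extend(bytes.fromhex(m.group(1)))
    for n, (declared, data) in enumerate(msgs, 1):
        # A length mismatch means a truncated or corrupted log; do not guess.
        if declared != len(data):
            raise ValueError(f"message {n}: header says {declared} bytes, got {len(data)}")
    return [bytes(data) for _, data in msgs]

def to_text2pcap(packets, width=16):
    """Render packets as hex offset plus space-separated bytes, od -Ax -tx1 style."""
    out = []
    for pkt in packets:
        for off in range(0, len(pkt), width):
            chunk = pkt[off:off + width]
            out.append(f"{off:06x} " + " ".join(f"{b:02x}" for b in chunk))
        out.append("")  # blank line; the next packet starts again at offset 0
    return "\n".join(out)

if __name__ == "__main__":
    print(to_text2pcap(parse_messages(SAMPLE)))
```

Save the printed text to a file and give it to text2pcap as the input file to get a pcap file that ethereal can open.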
