Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
Thanks for your reply.
I went through the steps you suggested, and
I have the following problems:
1. How do I choose the proper encapsulation type for the
file we are using? Any hints?
2. In the wiretap directory, the new routines are written in new_file,
and new_file.c and new_file.h are added to the list just
after radcom.h and radcom.c.
3. I got much of the information for writing the routines from radcom.c.
The Makefile generated from Makefile.common includes
new_file.c and new_file.h, but the added files do not
produce .lo and .o files. Please tell me the reason.
4. I can see the difference even though they do not produce the .lo and .o files.
Please give further suggestions on how to proceed.
Thanks in advance,
harsha
On Wed, 17 Nov 2004 Miklos Szurdi wrote :
>I will try to summarize this thing for you,
>a small how-to on this, as it may be interesting for others too.
>
>There is a readme on this in the wiretap library (README.developer);
>as it says, it is very short and very dirty... but very useful!
>You have to write two files:
>
>your_dumpfile.h
>
>this has to look exactly like radcom.h, for example
>
>your_dumpfile.c
>
>this has to look very similar to radcom.c, for example
>
>(with a little C coding knowledge, these radcom files are easy to interpret)
>
>
>You need to write into three existing files (in wiretap):
>/****************************************/
>In file_access.c, add your header file to this list:
>
>#include "wtap-int.h"
>...
>#include "network_instruments.h"
>#include "your_dumpfile.h" /*this is your header file*/
>
>and to this:
>
>static int (*const open_routines[])(wtap *, int *, char **) = {
> /* Files that have magic bytes in fixed locations. These
> * are easy to identify.
> */
> libpcap_open,
> ...
> airopeek9_open,
> your_dumpfile_open, /* if your dump file uses some magic number; if not, then you still have to put it in the same array but somewhere else... it is evident from file_access.c */
>}
>
> dump_open_table[WTAP_NUM_FILE_TYPES] = {
> /* WTAP_FILE_UNKNOWN */
> { NULL, NULL,
> NULL, NULL },
> ....
> /* WTAP_FILE_YOUR_DUMPFILE */
> { NULL, NULL,
> NULL, NULL },
>
>}
>/********************************/
>wiretap.h
>what you should do with this file is in the readme
>....
>#define WTAP_FILE_EYESDN 39
>#define WTAP_FILE_YOUR_DUMPFILE 40
>/* last WTAP_FILE_ value + 1 */
>#define WTAP_NUM_FILE_TYPES 41 /* don't forget to add one to this... */
>....
>/*********************************/
>Makefile.common
>find where radcom.c and radcom.h are and add yours to the same place... very obvious
>on Linux you may have to run automake, autoconfig, and aclocal or something... I can't remember this part :(
>
>"tricks" (no tricks, just small time-saving things) not in wiretap/README.developer
>
>in the your_dumpfile_open function:
>
> wth->file_type = WTAP_FILE_YOUR_DUMPFILE;
> wth->file_encap = WTAP_ENCAP_SOMETHING; /* that should be something that is the basic protocol that your dump file has... not the dump file's own format... the possibilities are in the wtap.h file */
> wth->subtype_read = tektronix_read;
> wth->subtype_seek_read = tektronix_seek_read;
> wth->phdr.pkt_encap = wth->file_encap; /* this should be set to this... don't know why */
> wth->snapshot_length = 0;
>
>in function your_dumpfile_read(....long *data_offset...)
>
>this value has to be set for the seek_read function to find the packet...
>
>that is it for me....
>
>radcom.c was a very easy-to-follow example for me... so I hope it will be for you
>Gilbert Ramirez <gilbertr@xxxxxxxxx> wrote:
>Like I've said before, if the file you're reading is a hex-dump text
>file, then your easiest option is to try to convert it to a pcap file
>using text2pcap, a program that comes with ethereal. text2pcap has a
>lot of options, but if the hexdump format cannot be read by text2pcap,
>another option is to write a small program to convert your hexdump
>format to a format that *is* readable by text2pcap. I did this for a
>netscreen hexdump file... see tools/netscreen2dump.py in the ethereal
>SVN repository (I don't think it's in 0.10.7)
>
>--gilbert
>
>
>On 17 Nov 2004 13:52:31 -0000, harsha ss wrote:
> >
> >
> >
> > Hi all,
> > I am using ethereal version 0.10.7 on a Linux machine.
> > I want ethereal to read a file of a different format with a mix of
> > ASCII and hex messages. Ethereal gives "unknown format" when reading such files.
> > Could anyone please give suggestions on how to read such files and display the file
> > contents in the ethereal window?
> >
> > regards
> > Harsha
> >
> >
> > _______________________________________________
> > Ethereal-dev mailing list
> > Ethereal-dev@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-dev
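
The conversion route Gilbert Ramirez describes in the quoted reply (turn an unsupported hexdump into text that text2pcap can read), as an added example that is not part of the original thread or of the ethereal source. The input layout (`MSG <n> dir=<RX|TX> len=<bytes>` followed by hex lines) is constructed for illustration, since the thread never shows the real file, and the names `parse_records` and `to_text2pcap` are hypothetical. Records whose declared length disagrees with the bytes found, or that contain non-hex tokens, are rejected instead of being converted.

```python
import re

# Constructed sample: the page never shows the real "mixed ASCII and hex" format.
SAMPLE = """\
MSG 1 dir=RX len=20
ff ff ff ff ff ff 00 11 22 33 44 55 08 00 45 00
00 54 00 00
MSG 2 dir=TX len=4
de ad be
MSG 3 dir=TX len=3
01 02 0x
"""

HEADER = re.compile(r"MSG\s+(\d+)\s+dir=(?:RX|TX)\s+len=(\d+)\s*")
HEXBYTE = re.compile(r"[0-9a-fA-F]{2}")


def parse_records(text):
    """Split the dump into (msg_no, bytes) records plus (msg_no, reason) errors."""
    records, errors, current = [], [], None  # current = [msg_no, declared, data, bad_token]

    def flush():
        if current is None:
            return
        no, declared, data, bad = current
        if bad is not None:
            errors.append((no, f"non-hex token {bad!r}"))
        elif len(data) != declared:
            errors.append((no, f"declared {declared} bytes, found {len(data)}"))
        else:
            records.append((no, bytes(data)))

    for line in text.splitlines():
        m = HEADER.fullmatch(line)
        if m:  # an ASCII header line closes the previous record and opens a new one
            flush()
            current = [int(m.group(1)), int(m.group(2)), bytearray(), None]
        elif current is not None:
            for tok in line.split():
                if HEXBYTE.fullmatch(tok):
                    current[2].append(int(tok, 16))
                elif current[3] is None:
                    current[3] = tok  # remember the first token that is not a hex byte
    flush()
    return records, errors


def to_text2pcap(records, width=16):
    """Render records as offset-prefixed hex lines; offset 000000 starts a new packet."""
    lines = []
    for _, data in records:
        for off in range(0, len(data), width):
            lines.append(f"{off:06x} " + " ".join(f"{b:02x}" for b in data[off:off + width]))
    return "\n".join(lines) + "\n"
```

The string returned by `to_text2pcap` can be written to a file and passed to text2pcap; the errors list shows which records were dropped and why.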