Ethereal-dev: Re: [Ethereal-dev] Fluke capture file -> conversion to libpcap

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 07 Feb 2006 00:21:56 -0800

Nisbet, Tom wrote:

> We would need a binary capture file too. The hex bytes in the text file just show the packet data, but they don't include the file and packet headers.
>
> From the error message, the fix may turn out to be as simple as adding an enum for the correct media to the Shomiti list of WTAP_ENCAPs in the snoop.c file.

Fluke *might* be using Shomiti format; this page:

	http://www.networkcomputing.com/story/singlePageFormat.jhtml?articleID=160500420#2

indicates that at least one OptiView device from Fluke is a rebranded Finisar device (Finisar bought Shomiti).

That's not guaranteed, though, so we'd definitely need a binary capture file. (We'd need it *anyway*, just to test our changes.)

Also, the packet header apparently includes some radio data, so it's probably not as simple as adding an enum for the right medium type; we'd also need to process the radio information. At least some of it appears to be fairly straightforwardly reverse-engineerable. If the "Receive Rate" and "Preamble" fields have the same values that show up in section 10.4.4 of 802.11b-1999, that part's reverse-engineerable as well.