Ethereal-users: Re: [Ethereal-users] Test from *.cap to *.txt and viceversa

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Moshe Haviv <mhaviv2000@xxxxxxxxxxx>
Date: Wed, 1 Sep 2004 09:34:22 +0100 (BST)
Hi,
 
My suggestion is simpler!
Send the capture to print into a file! Then you can choose if you want all the packets expanded or not and if you also want the HEX data or not.
It always works like magic.
 
Moshe

César Cárdenas <ccardena@xxxxxxxx> wrote:
Dear all:

Apologies for the long text...

In testing the operation from *.cap to *.txt and vice versa...here are my
directives (original file has no extension but is recognized by ethereal
for windows):

>tethereal -r file -x > file.txt

Output "file.txt" is of the form:

-----
1 0.000000 83.97.170.103 -> 81.220.252.238 TCP 1438 > microsoft-ds [SYN]
Seq=0 Ack=0 Win=16384 Len=0 MSS=1460

0000 00 03 47 8c 39 16 00 0a 42 6c 3c 54 08 00 45 00 ..G.9...Bl<T..E.
0010 00 30 79 18 40 00 74 06 41 1c 53 61 aa 67 51 dc .0y.@.t.A.Sa.gQ.
0020 fc ee 05 9e 01 bd 5f a9 a1 62 00 00 00 00 70 02 ......_..b....p.
0030 40 00 ee 24 00 00 02 04 05 b4 01 01 04 02 @..$..........

...
-----

Then applying the vice versa operation:

>text2pcap file.txt filecap.cap

Output "filecap.cap" is not the original one...???:

-----
No. Time Source Destination Protocol
Info
1 0.000000 Ethernet
[Malformed Packet]

Frame 1 (2 bytes on wire, 2 bytes captured)
Arrival Time: Aug 31, 2004 19:48:17.000000000
Time delta from previous packet: 0.000000000 seconds
Time since reference or first frame: 0.000000000 seconds
Frame Number: 1
Packet Length: 2 bytes
Capture Length: 2 bytes
[Malformed Packet: Ethernet]

0000 00 03 ..
...
-----

Looking for the reason, I erased the first line for some packets in the
"file.txt" and applied the same operation:

>text2pcap file.txt filecap.cap

The output is of the form:

-----
No. Time Source Destination Protocol
Info
1 0.000000 83.97.170.103 81.220.252.238 TCP
1438 > microsoft-ds [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460

Frame 1 (62 bytes on wire, 62 bytes captured)
Arrival Time: Aug 31, 2004 20:44:09.000000000
Time delta from previous packet: 0.000000000 seconds
Time since reference or first frame: 0.000000000 seconds
Frame Number: 1
Packet Length: 62 bytes
Capture Length: 62 bytes
Ethernet II, Src: 00:0a:42:6c:3c:54, Dst: 00:03:47:8c:39:16
Internet Protocol, Src Addr: 83.97.170.103 (83.97.170.103), Dst Addr: 81.220.252.238
(81.220.252.238)
Transmission Control Protocol, Src Port: 1438 (1438), Dst Port: microsoft-ds
(445), Seq: 0, Ack: 0, Len: 0

0000 00 03 47 8c 39 16 00 0a 42 6c 3c 54 08 00 45 00 ..G.9...Bl<T..E.
0010 00 30 79 18 40 00 74 06 41 1c 53 61 aa 67 51 dc .0y.@.t.A.Sa.gQ.
0020 fc ee 05 9e 01 bd 5f a9 a1 62 00 00 00 00 70 02 ......_..b....p.
0030 40 00 ee 24 00 00 02 04 05 b4 01 01 04 02 @..$..........

No. Time Source Destination Protocol
Info
2 0.000001 81.220.252.238 83.97.170.103 TCP
microsoft-ds > 1438 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0

Frame 2 (54 bytes on wire, 54 bytes captured)
Arrival Time: Aug 31, 2004 20:44:09.000001000
Time delta from previous packet: 0.000001000 seconds
Time since reference or first frame: 0.000001000 seconds
Frame Number: 2
Packet Length: 54 bytes
Capture Length: 54 bytes
Ethernet II, Src: 00:03:47:8c:39:16, Dst: 00:0a:42:6c:3c:54
Internet Protocol, Src Addr: 81.220.252.238 (81.220.252.238), Dst Addr:
83.97.170.103 (83.97.170.103)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 1438
(1438), Seq: 0, Ack: 0, Len: 0

0000 00 0a 42 6c 3c 54 00 03 47 8c 39 16 08 00 45 00 ..Bl<T..G.9...E.
0010 00 28 3b e3 00 00 40 06 f2 59 51 dc fc ee 53 61 .(;...@..YQ...Sa
0020 aa 67 01 bd 05 9e 00 00 00 00 5f a9 a1 63 50 14 .g........_..cP.
0030 00 00 5a d5 00 00 ..Z...
-----

Everything is OK but the timestamp is not recovered...so...my questions
are, for the direct or inverse conversion and exact original file recovering:

Do I need to add a command to the *.cap to *.txt conversion?
Do I need to add a command to the *.txt to *.cap conversion?

I really appreciate your help,
César Cárdenas
