Williams, Ken wrote:
> I am attempting to use ethereal to decode a proprietary trace from one of
> our mobile phones.
> I have written a script that converts the trace to a hex dump suitable for
> the text2pcap program.
> I have run the text2pcap program and produced a pcap file.
> I have set the gsm dcap setting in the enabled protocols.
> Having done this, ethereal will read in the packets and display them. The
> problem is that it will not decode them. I just get UNKNOWN WTAP_ENCAP = 1.

What happens if you try to read an ordinary Ethernet capture? (If you
don't have any, see
http://wiki.ethereal.com/SampleCaptures
for some samples.)

You probably ran text2pcap without the "-l" flag, in which case the
capture file text2pcap generates is an Ethernet capture. However,
neither with a real Ethernet capture nor with the capture you generated
should you get a protocol of "UNKNOWN" and an info column of "WTAP_ENCAP
= 1" - and you'll probably get that with both captures if you're getting
it with one of them.

If you get that error with all captures, did you install a binary
distribution of Ethereal, or are you running a version you built from
source?

Even if you fix that problem, however, you still won't be able to handle
your capture unless it contains traffic of a type the libpcap file
format supports - and raw GSM protocols aren't of that type.

You might want to add to Wiretap (the library that comes with Ethereal
and that it uses to read capture files) support for that type of raw GSM
traffic, and to read the traces your mobile phones generate.
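
One way to check which link-layer type a generated libpcap file actually declares, as discussed in the reply above. This is an added example, not part of the original thread; the function names `read_pcap_header` and `build_sample` are hypothetical and the sample capture is constructed in the code.

```python
import struct

# Magic values as seen when the first four bytes are read big-endian.
MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}
# A few registered link-layer type numbers (not an exhaustive list).
LINKTYPES = {0: "NULL", 1: "ETHERNET", 101: "RAW", 113: "LINUX_SLL", 147: "USER0"}


def read_pcap_header(data: bytes) -> dict:
    """Parse the 24-byte global header of a classic libpcap file."""
    if len(data) < 24:
        raise ValueError("too short for a libpcap global header")
    (magic,) = struct.unpack(">I", data[:4])
    if magic == 0x0A0D0D0A:
        raise ValueError("pcapng file, not classic libpcap")
    if magic not in MAGICS:
        raise ValueError("unknown magic 0x%08x" % magic)
    order, resolution = MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    return {
        "byte_order": "big" if order == ">" else "little",
        "timestamps": resolution,
        "version": (major, minor),
        "snaplen": snaplen,
        "linktype": linktype,
        "linktype_name": LINKTYPES.get(linktype, "unlisted"),
    }


def build_sample(order: str = "<", linktype: int = 1) -> bytes:
    """Constructed sample: global header plus one 60-byte all-zero frame."""
    header = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    record = struct.pack(order + "IIII", 0, 0, 60, 60) + bytes(60)
    return header + record


if __name__ == "__main__":
    import sys
    # With a path argument, inspect that file; otherwise use the constructed sample.
    raw = open(sys.argv[1], "rb").read(24) if len(sys.argv) > 1 else build_sample()
    info = read_pcap_header(raw)
    print("link-layer type %(linktype)d (%(linktype_name)s), snaplen %(snaplen)d" % info)
```

A link-layer type of 1 in the header means the file is marked as Ethernet, so the packet bytes will be handed to the Ethernet dissector regardless of what they really contain.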