Wireshark-users: [Wireshark-users] Script to convert Cisco ATM dump to something that Wireshark c
Hi,
I have created a little Perl script to convert IP packet that are tranmistted over ATM interface on Cisco. This script is inspired by the one made by Hamish Moffatt which convert IP packet to something Wireshark can read. It takes only IP packets and ignore ATM cells from the the copy of the output of the following Cisco command : debug atm packet
I don't if it's the good place to post it :)
Anyway here it is :
------------------------------ CUT HERE ---------------------------------------
#!/usr/bin/perl
# Convert Cisco debug atm packet format to something text2pcap can read.
# Use "cat <debug output> | conv......pl | text2pcap -l 12 - <output capture file>"
# Author: Frederic Point <>.
# Inspired by: Hamish Moffatt <hamish@xxxxxxxxxxxx>.
# License: GPL (see
www.gnu.org).
sub dumppkt () {
for ($i = 0; $i < scalar(@pkt); $i++) {
if ($i % 16 == 0) {
printf "\n%08X", $i;
}
printf " %02X", $pkt[$i];
}
}
$in_ip_packet = 0;
while(<>) {
chomp;
# Strip line before the beginning of IP packet
if (m/TYPE:0800/) {
$in_ip_packet = 1;
next;
}
# After the end of IP packet, dump packet
if (m/^*[A-Z][a-z]{2} [0-9 ][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}:[ \n\r\t]*$/) {
if ($in_ip_packet) {
dumppkt;
undef @pkt;
$in_ip_packet = 0;
next;
}
}
unless ($in_ip_packet) {
next;
}
# Strip the offsets
$hex = substr $_, 22, 96;
# Remove all spaces
$hex =~ s/ //g;
# dos2unix
$hex =~ s/\r//g;
# Convert hex bytes on this line
while ((length $hex) > 0) {
push @pkt, hex (substr $hex, 0, 2, "");
}
}
dumppkt;
print "\n";
------------------------------ CUT HERE ---------------------------------------
Thanks to all Ethereal/WireShark devs for creating such a piece of software !
Best Regards
Frederic Point
