Wireshark · Wireshark-users: [Wireshark-users] differnt protocol frames file

Wireshark-users: [Wireshark-users] differnt protocol frames file
From: "Faten SOLTANI" <faten.soltani@xxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Apr 2009 11:49:05 +0200 (CEST)
Hi all

I have à text file, wich contains a different protocols frames (ISUP/MTP3,
SIP/IP...)
I want to know which text2pcap option have I to use, to convert this file 
to Pcap format and  to be able to decode it after.
Thakyou for any help.



Send Wireshark-users mailing list submissions to
> 	wireshark-users@xxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://wireshark.org/mailman/listinfo/wireshark-users
> or, via email, send a message with subject or body 'help' to
> 	wireshark-users-request@xxxxxxxxxxxxx
>
> You can reach the person managing the list at
> 	wireshark-users-owner@xxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wireshark-users digest..."
>
>
> Today's Topics:
>
>    1. uncompression error etc (Condor Kim)
>    2. Re: 2 IP addresses on 1 machine (Juan Perez)
>    3. Re: 2 IP addresses on 1 machine (Abhik Sarkar)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 18 Apr 2009 17:55:42 -0700 (PDT)
> From: Condor Kim <toothache200873@xxxxxxxxx>
> Subject: [Wireshark-users] uncompression error etc
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <659477.28396.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
>
> hi everyone, can you guys help me out with this error message?
>
> today when i tried to start wireshark on my eeepc 900a linux, i got the
> error:
>
> "the file /tmp/xxxx8l1hsu could not be opened: uncompression error: buffer
> error"
>
> what does it mean? i use wireshark 0.99.4.
>
>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://www.wireshark.org/lists/wireshark-users/attachments/20090418/e805b345/attachment.html
>
> ------------------------------
>
> Message: 2
> Date: Sun, 19 Apr 2009 08:22:04 -0700 (PDT)
> From: Juan Perez <jperezsip2008@xxxxxxxxx>
> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
> To: Community support list for Wireshark
> 	<wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <390343.81336.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
>
>
> anybody has experienced this prob? any ideas on how to solve it?
> any help would be very much appreciated, thanks
>
> jp
>
>
>
> ----- Original Message ----
> From: Juan Perez <jperezsip2008@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Friday, April 17, 2009 4:27:43 PM
> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
>
>
> ok, what happens is that I am using pub IPs and can not show them here. I
> had to edit the output of the "ifcfg-ethX" files and of course I messed up
> 2 times, :-(.
> this should be the right information, sorry again.
>
>
> eth1 --> 192.168.1.10 255.255.255.0
> eth2 --> 192.168.1.11 255.255.255.0
>
>
> [root@proxy2 network-scripts]# cat ifcfg-eth1
> # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
> DEVICE=eth1
> BOOTPROTO=none
> BROADCAST=192.168.1.255
> HWADDR=00:19:b9:f2:f3:f4
> IPADDR=192.168.1.10
> NETMASK=255.255.255.0
> NETWORK=192.168.1.0
> ONBOOT=yes
> GATEWAY=192.168.1.1
> TYPE=Ethernet
> [root@proxy2 network-scripts]#
>
> [root@proxy2 network-scripts]# cat ifcfg-eth2
> # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
> DEVICE=eth2
> ONBOOT=yes
> BOOTPROTO=none
> HWADDR=00:04:23:e6:8b:17
> NETMASK=255.255.255.0
> IPADDR=192.168.1.11
> GATEWAY=192.168.1.1
> TYPE=Ethernet
> NETWORK=192.168.1.0
> BROADCAST=192.168.1.255
> [root@proxy2 network-scripts]#
>
>
>
>
>
> ----- Original Message ----
> From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Friday, April 17, 2009 1:52:41 PM
> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
>
> Hi,
>
> Your config says differently:
>
> <quote>
>   [root@proxy2 network-scripts]# cat ifcfg-eth0
>   # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
>   DEVICE=eth0
>   BOOTPROTO=none
>   BROADCAST=192.168.1.255
>   HWADDR=00:19:b9:f2:f3:f4
>   IPADDR=192.168.1.10
>   NETMASK=255.255.255.0
>   NETWORK=192.168.1.0
>   ONBOOT=yes
>   GATEWAY=192.168.1.1
>   TYPE=Ethernet
> </quote>
>
> Thanx,
> Jaap
>
> Juan Perez wrote:
>> sorry, I was a mistake, it is eth1 and eth2, the question still remains
>> ;-)
>>
>> eth1 -> IP=192.168.1.10/24
>> eth2 -> IP=192.168.1.11/24
>>
>>
>> cheers
>>
>> jp
>>
>>
>> ----- Original Message ----
>> From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
>> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
>> Sent: Friday, April 17, 2009 1:22:43 PM
>> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
>>
>> Hi,
>>
>> Reading from the configuration data, in short:
>>
>> eth0 -> IP=192.168.1.10/24
>> eth1 -> IP=192.168.1.11/24
>>
>> So, there is not eth2 in this list. The command line "tshark -i eth1" to
>> capture
>>   traffic to 192.168.1.11 is perfectly oke.
>>
>> Thanx,
>> Jaap
>>
>> Juan Perez wrote:
>>> Hello
>>>
>>> I have a linux machine with two physical NICs and each NIC has its own
>>> IP address belonging to the same network.
>>> Example:
>>> eth0 --> 192.168.1.10 255.255.255.0
>>> eth1 --> 192.168.1.11 255.255.255.0
>>>
>>>
>>> [root@proxy2 network-scripts]# cat ifcfg-eth0
>>> # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
>>> DEVICE=eth0
>>> BOOTPROTO=none
>>> BROADCAST=192.168.1.255
>>> HWADDR=00:19:b9:f2:f3:f4
>>> IPADDR=192.168.1.10
>>> NETMASK=255.255.255.0
>>> NETWORK=192.168.1.0
>>> ONBOOT=yes
>>> GATEWAY=192.168.1.1
>>> TYPE=Ethernet
>>> [root@proxy2 network-scripts]#
>>>
>>> [root@proxy2 network-scripts]# cat ifcfg-eth1
>>> # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
>>> DEVICE=eth1
>>> ONBOOT=yes
>>> BOOTPROTO=none
>>> HWADDR=00:04:23:e6:8b:17
>>> NETMASK=255.255.255.0
>>> IPADDR=192.168.1.11
>>> GATEWAY=192.168.1.1
>>> TYPE=Ethernet
>>> NETWORK=192.168.1.0
>>> BROADCAST=192.168.1.255
>>> [root@proxy2 network-scripts]#
>>>
>>> I have 2 apps, each one listen on 1 IP:
>>>
>>> app 1 listens only on 192.168.1.10
>>> app 2 listens only on 192.168.1.11.
>>>
>>> When I run tshark this way "tshark -i eth2 -S" and packets destined to
>>> IP 2  arrive I do no see them, I have to run tshark like this: "tshark
>>> -i eth1 -S".
>>> In summary, I have to run "tshark -i eth1" for me to see the packets
>>> that fo to IP 2. When I do it that way I can see the packets from any
>>> ext IP to the IP 2 192.168.1.11.
>>>
>>> This should not be. Is there anything wrong with my NICs configuration?
>>>
>>> cheers
>>>
>>> jp
>>>
>>>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 19 Apr 2009 21:03:37 +0400
> From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
> To: Community support list for Wireshark
> 	<wireshark-users@xxxxxxxxxxxxx>
> Message-ID:
> 	<c460e4040904191003o29aea208m6ab032e4c2bd4674@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> I don't know what others have to say, but your LAN configuration doesn't
> quite look alright (unless what I am about to say is also the result of
> your
> massaging the configuration files for display here). What you have is two
> Ethernet interfaces in the same subnet, both defined with gateways. This
> is
> likely to confuse the routing. I would suggest removing the GATEWAY line
> from anyone of the interface configuration files and restarting the
> network
> service.
>
> On Sun, Apr 19, 2009 at 7:22 PM, Juan Perez <jperezsip2008@xxxxxxxxx>
> wrote:
>
>>
>> anybody has experienced this prob? any ideas on how to solve it?
>> any help would be very much appreciated, thanks
>>
>> jp
>>
>>
>>
>> ----- Original Message ----
>> From: Juan Perez <jperezsip2008@xxxxxxxxx>
>> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
>> Sent: Friday, April 17, 2009 4:27:43 PM
>> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
>>
>>
>> ok, what happens is that I am using pub IPs and can not show them here.
>> I
>> had to edit the output of the "ifcfg-ethX" files and of course I messed
>> up 2
>> times, :-(.
>> this should be the right information, sorry again.
>>
>>
>> eth1 --> 192.168.1.10 255.255.255.0
>> eth2 --> 192.168.1.11 255.255.255.0
>>
>>
>> [root@proxy2 network-scripts]# cat ifcfg-eth1
>> # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
>> DEVICE=eth1
>> BOOTPROTO=none
>> BROADCAST=192.168.1.255
>> HWADDR=00:19:b9:f2:f3:f4
>> IPADDR=192.168.1.10
>> NETMASK=255.255.255.0
>> NETWORK=192.168.1.0
>> ONBOOT=yes
>> GATEWAY=192.168.1.1
>> TYPE=Ethernet
>> [root@proxy2 network-scripts]#
>>
>> [root@proxy2 network-scripts]# cat ifcfg-eth2
>> # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
>> DEVICE=eth2
>> ONBOOT=yes
>> BOOTPROTO=none
>> HWADDR=00:04:23:e6:8b:17
>> NETMASK=255.255.255.0
>> IPADDR=192.168.1.11
>> GATEWAY=192.168.1.1
>> TYPE=Ethernet
>> NETWORK=192.168.1.0
>> BROADCAST=192.168.1.255
>> [root@proxy2 network-scripts]#
>>
>>
>>
>>
>>
>> ----- Original Message ----
>> From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
>> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
>> Sent: Friday, April 17, 2009 1:52:41 PM
>> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
>>
>> Hi,
>>
>> Your config says differently:
>>
>> <quote>
>>  [root@proxy2 network-scripts]# cat ifcfg-eth0
>>  # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
>>  DEVICE=eth0
>>  BOOTPROTO=none
>>  BROADCAST=192.168.1.255
>>  HWADDR=00:19:b9:f2:f3:f4
>>  IPADDR=192.168.1.10
>>  NETMASK=255.255.255.0
>>  NETWORK=192.168.1.0
>>  ONBOOT=yes
>>  GATEWAY=192.168.1.1
>>  TYPE=Ethernet
>> </quote>
>>
>> Thanx,
>> Jaap
>>
>> Juan Perez wrote:
>> > sorry, I was a mistake, it is eth1 and eth2, the question still
>> remains
>> ;-)
>> >
>> > eth1 -> IP=192.168.1.10/24
>> > eth2 -> IP=192.168.1.11/24
>> >
>> >
>> > cheers
>> >
>> > jp
>> >
>> >
>> > ----- Original Message ----
>> > From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
>> > To: Community support list for Wireshark
>> <wireshark-users@xxxxxxxxxxxxx>
>> > Sent: Friday, April 17, 2009 1:22:43 PM
>> > Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
>> >
>> > Hi,
>> >
>> > Reading from the configuration data, in short:
>> >
>> > eth0 -> IP=192.168.1.10/24
>> > eth1 -> IP=192.168.1.11/24
>> >
>> > So, there is not eth2 in this list. The command line "tshark -i eth1"
>> to
>> capture
>> >   traffic to 192.168.1.11 is perfectly oke.
>> >
>> > Thanx,
>> > Jaap
>> >
>> > Juan Perez wrote:
>> >> Hello
>> >>
>> >> I have a linux machine with two physical NICs and each NIC has its
>> own
>> IP address belonging to the same network.
>> >> Example:
>> >> eth0 --> 192.168.1.10 255.255.255.0
>> >> eth1 --> 192.168.1.11 255.255.255.0
>> >>
>> >>
>> >> [root@proxy2 network-scripts]# cat ifcfg-eth0
>> >> # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
>> >> DEVICE=eth0
>> >> BOOTPROTO=none
>> >> BROADCAST=192.168.1.255
>> >> HWADDR=00:19:b9:f2:f3:f4
>> >> IPADDR=192.168.1.10
>> >> NETMASK=255.255.255.0
>> >> NETWORK=192.168.1.0
>> >> ONBOOT=yes
>> >> GATEWAY=192.168.1.1
>> >> TYPE=Ethernet
>> >> [root@proxy2 network-scripts]#
>> >>
>> >> [root@proxy2 network-scripts]# cat ifcfg-eth1
>> >> # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
>> >> DEVICE=eth1
>> >> ONBOOT=yes
>> >> BOOTPROTO=none
>> >> HWADDR=00:04:23:e6:8b:17
>> >> NETMASK=255.255.255.0
>> >> IPADDR=192.168.1.11
>> >> GATEWAY=192.168.1.1
>> >> TYPE=Ethernet
>> >> NETWORK=192.168.1.0
>> >> BROADCAST=192.168.1.255
>> >> [root@proxy2 network-scripts]#
>> >>
>> >> I have 2 apps, each one listen on 1 IP:
>> >>
>> >> app 1 listens only on 192.168.1.10
>> >> app 2 listens only on 192.168.1.11.
>> >>
>> >> When I run tshark this way "tshark -i eth2 -S" and packets destined
>> to
>> IP 2  arrive I do no see them, I have to run tshark like this: "tshark
>> -i
>> eth1 -S".
>> >> In summary, I have to run "tshark -i eth1" for me to see the packets
>> that fo to IP 2. When I do it that way I can see the packets from any
>> ext IP
>> to the IP 2 192.168.1.11.
>> >>
>> >> This should not be. Is there anything wrong with my NICs
>> configuration?
>> >>
>> >> cheers
>> >>
>> >> jp
>> >>
>> >>
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list
>> <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>             mailto:wireshark-users-request@xxxxxxxxxxxxx
>> ?subject=unsubscribe
>>
>>
>>
>>
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list
>> <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>             mailto:wireshark-users-request@xxxxxxxxxxxxx
>> ?subject=unsubscribe
>>
>>
>>
>>
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list
>> <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>             mailto:wireshark-users-request@xxxxxxxxxxxxx
>> ?subject=unsubscribe
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://www.wireshark.org/lists/wireshark-users/attachments/20090419/843af19d/attachment.htm
>
> ------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>
> End of Wireshark-users Digest, Vol 35, Issue 42
> ***********************************************
>
Prev by Date: Re: [Wireshark-users] 2 IP addresses on 1 machine
Next by Date: Re: [Wireshark-users] 2 IP addresses on 1 machine
Previous by thread: [Wireshark-users] uncompression error etc
Next by thread: [Wireshark-users] Packet capture point
Index(es):
- Date
- Thread