how can i convert a trace taken in prism ultralite to a wireshark readable format? the trace is saved in text format and when i run text2pcap it is only writing 16 bytes of a packet. also i would like to know a way to convert a wan trace with l2 protocol say ppp having first 2 bytes as FF 03 into an ethernet packet is there a program to do this?
asked 17 Dec '10, 23:50
Recently text2pcap functionality has been added in Wireshark and there are quite a few options there which might help you out. You can download a development version from http://www.wireshark.org/download/automated/. You can then select "File => import".
If this does not help you, you can need to preprocess your text output to match a format that can be used by the import function.
Or you could file an enhancement request on https://bugzilla.wireshark.org asking for the "Prism Ultralite" file format to be included as supported filetype (at least for reading). PLease make sure you attach some tracefiles showing different encapsulation types. Of course it then all depends on when a developer finds the interest and time to write the code for it. If you feel up to it, you could write the code yourself and submit a patch to be included too :-)
answered 18 Dec '10, 00:47