how to decapsulate sdh using editcap

asked 2023-05-16 16:30:45 +0000

bigzero
1 ●1

updated 2023-05-17 08:57:01 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23805 ●4 ●960 ●227 https://www.wireshark.org

Getting error:

cannot write pcapng file.

I am using:

editcap -T sdh --F pcapng c:\sdh\sdhcap1.erf c:\sdh\sdhcap1_decapped.pcapng

edit retag flag offensive close merge delete

Comments

What do you mean by "decapsulate"?

Guy Harris ( 2023-05-17 06:03:28 +0000 )edit

I think the error is because the pcapng format does not support sdh as an "encapsulation type".

The option -T is not intended to remove a protocol layer. From the editcap manual page:'

Note: this merely forces the encapsulation type of the output file to be the specified type; the packet headers of the packets will not be translated from the encapsulation type of the input capture file to the specified encapsulation type (for example, it will not translate an Ethernet capture to an FDDI capture if an Ethernet capture is read and '-T fddi' is specified). If you need to remove/add headers from/to a packet, you will need od(1)/text2pcap(1).

https://www.wireshark.org/docs/man-pa...

But I doubt if it is possible to use "od/text2pcap" to remove Synchronous Digital Hierarchy (SDH).

André ( 2023-05-18 16:48:30 +0000 )edit

add a comment

how to decapsulate sdh using editcap

Comments

Be the first one to answer this question!

Question Tools

Stats

how to decapsulate sdh using editcap edit

Comments

Be the first one to answer this question!

Question Tools

Stats

how to decapsulate sdh using editcap