Hi, I use Wireshark to convert gsmtap pcap's to pdml. An example line from pdml file is shown below. I have a few questions about the way Wireshark converts pcap to pdml.
I have two computers, one is running Wireshark 1.12 and the other is running Wireshark 1.99. Now, Wireshark 1.12 saves this line as shown below, Wireshark 1.99 would save it differently. The field "name" would be "e212.lac", the value in field "show" would be shown decimal and not hex.
I had several scripts extracting the info from pdml file based on values in the field "name". With Wireshark 1.99 it all becomes useless, as the unique field values I was using changed the contents. Is there a way to run Wireshark 1.99 in such away that pdml files are backwards compatible? I do the pcap to pdml conversion this way:
tshark -r abc.pcap -Y '!icmp && gsmtap' -T pdml -2 -R "gsm_a.dtap.msg_rr_type == 0x21" > abc.txt
field name="gsm_a.lac" showname="Location Area Code (LAC): 0xe54c (58700)" size="2" pos="66" show="0x0000e54c" value="e54c"
asked 22 Oct ‘15, 02:27
dictador
6●1●1●2
accept rate: 0%
