Description
This article explains how the output of the 'Diag sniff packet' command can be imported into Wireshark (formerly known as Ethereal).
Solution
When using Perl script:
1) If a Perl interpreter is not already installed, search on the Internet for a free 'activeperl', for example, ActivePerl-5.8.8.819-MSWin32-x86-267479.zip.
2) Download the 'fgt2eth.pl.zip' file below and extract the script 'fgt2eth.pl' to the Perl folder after installation.
3) Open a command prompt window and execute:
cd\Perl ( <-folder name of Perl after install)
perl fgt2eth.pl -in <file captured>.txt -out <output name>.cap
When using Perl executable program (Windows):
1) It is not necessary to have a Perl interpreter installed. Download the 'fgt2eth.exe.12.2014.zip' file attached below and extract the executable 'fgt2eth.exe' to the desired folder.
2) Open a command prompt window and execute:
cd\MyExeFolder ( <-folder where fgt2eth.exe was extracted)
fgt2eth.exe -in <file captured>.txt -out <output name>.cap
Result:
Once this has been completed, the <output name>.cap file can be opened in Wireshark or any traffic analyzer that decodes this format.
For this script/executable to function properly, it must be able to run a file named text2pcap.exe, which is installed as part of the Wireshark installation package. An error is shown if this file cannot be found.
Ensure the PATH variable is set correctly to include the Wireshark installation directory (by default c:\Program Files\Wireshark), or move this script/executable directly to the Wireshark directory.
The tool can use piped flow to Wireshark.
Usage:
Version : Dec 19 2014
Usage : fgt2eth.pl -in <input_file_name>
Mandatory arguments are:
-in <input_file> Specify the file to convert (FGT verbose 3 text file)
Optional arguments are:
-help Display help only
-version Display script version and date
-out <output_file> Specify the output file (Ethereal readable)
By default <input_file>.pcap is used
-will start wireshark for realtime follow-up
-lines <lines> Only convert the first <lines> lines
-demux Create one pcap file per interface (verbose 6 only)
-debug Turns on debug mode
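
The following Python code is an added example, not the fgt2eth script and not Fortinet code: it shows what the conversion amounts to by parsing sniffer hex-dump text and writing classic pcap bytes directly, without text2pcap. The input layout (a relative-timestamp header line followed by 0x-prefixed offset lines with the hex and ASCII columns separated by a tab), the Ethernet link type, the function names and the sample frames are assumptions constructed for illustration.

```python
import re
import struct

HEADER = re.compile(r"^(\d+)\.(\d{1,6})\s")             # relative-timestamp packet header
HEXLINE = re.compile(r"^0x([0-9a-f]{4})\s+(.*)$", re.I)  # offset, then hex and ASCII columns

# Constructed sample (assumed verbose 3 layout, not a real capture).
SAMPLE = (
    "0.545306 192.0.2.10.52989 -> 192.0.2.20.443: syn 3177924955\n"
    "0x0000\t 0009 0f09 0001 0009 0f85 3f44 0800 4500\t..........?D..E.\n"
    "0x0010\t 0028 0000\t.(..\n"
    "\n"
    "1.000002 arp who-has 192.0.2.20 tell 192.0.2.10\n"
    "0x0000\t ffff ffff ffff 0009 0f85 3f44 0806\t..........?D..\n"
)

def parse_sniffer_text(text):
    """Return a list of (seconds, microseconds, frame_bytes) tuples."""
    packets, ts, cur = [], (0, 0), None
    for line in text.splitlines():
        line = line.strip()
        m = HEXLINE.match(line)
        if m:
            offset = int(m.group(1), 16)
            if offset == 0:                      # offset 0 starts a new frame
                cur = bytearray()
                packets.append((ts[0], ts[1], cur))
            if cur is None or offset != len(cur):
                # A dropped or truncated line would silently corrupt the frame.
                raise ValueError(f"hex offset {offset:#06x} out of sequence")
            # Assumption: a tab or 2+ spaces separates hex from the ASCII column.
            hex_field = re.split(r"\t|\s{2,}", m.group(2), maxsplit=1)[0]
            cur += bytes.fromhex(hex_field.replace(" ", ""))
            continue
        m = HEADER.match(line)
        if m:
            ts = (int(m.group(1)), int(m.group(2).ljust(6, "0")))
    return [(sec, usec, bytes(frame)) for sec, usec, frame in packets]

def to_pcap(packets, linktype=1, snaplen=65535):
    """Serialize frames as little-endian classic pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    frames = parse_sniffer_text(SAMPLE)
    print(len(frames), "frames,", len(to_pcap(frames)), "pcap bytes")
```

The offset check matters when the sniffer text was captured from a terminal session: a dropped line raises an error instead of producing a frame that Wireshark would decode incorrectly.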