Reading Tektronix K12xx/K15/K18 .rf5 files
Wireshark supports reading most Tektronix rf5 files generated with the k12 and k15 Protocol Analyzers.
The code in the trunk has some support for files from k18 analyzers, based on the file attached to bug 9455. This change is included in Wireshark versions 1.12.0 and later. If that version still doesn't handle it, file another bug on the Wireshark Bugzilla, and attach the capture file, so that more reverse-engineering can be done.
In order to be able to read an rf5 file you need to instruct Wireshark regarding the contents of the file.
The k1x Protocol analyzers use .stk files to describe the payload to be found in each interface. These contain information about the protocol stack to be found in a certain channel (or port). Wireshark k1x support does not read these files (yet), but it needs to know which encapsulation protocol (SSCOP, LLC, MTP2, IUUP, X.25, etc...).
In order to decode the contents of an rf5 file wireshark uses a table that relates (a part of) the name of the stack file to the lowest protocol n the stack.
Editing the stack-to-protocol table
You can edit the table by going to Preferences->Protocols->k12xx and clicking Edit... to edit the 'K12 protocols' table.
There you can add the stack-to-protocol mappings.
Add an entry to the table and set match to an identifying part of the stk filename, and set protos to the lowest layer protocol in packets using that stack.
Examples entries
| match | protos |
|---|---|
sigtran |
eth_withoutfcs |
isup |
mtp2 |
gsm |
mtp2 |
aal2l3 |
sscop:alcap |
umts_iu |
sscop:sscf-nni |
gprs_gb |
fr |
Known Bugs
- .rf5 files written by Wireshark aren't be readable by Tektronix software. There's too much information in an rf5 file that has not been reverse engineered yet so writing is made only with the information known (and necessary) to Wireshark.
Links
http://www.tek.com/Measurement/network/diagnostics/k12/
http://www.tek.com/Measurement/network/diagnostics/k15/
Imported from https://wiki.wireshark.org/K12 on 2020-08-11 23:15:42 UTC