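# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Stub log format plugin for binary packet captures written by Wireshark,
# Ethereal or tcpdump. It parses nothing: it only recognises the binary file
# and shows the operator how to convert it to text first.
ethereal_binary = {

  plugin_version = "1.0.1"
  # Initial creation - 1.0
  # 2011-07-27 - 1.0.1 - MSG - Edited info lines.

  # Devices this plugin is listed under. Each entry carries its own index so
  # the Ethereal and Wireshark groups do not define the same info.1.* keys twice.
  info.1.manufacturer = "Ethereal"
  info.1.device = "tcpdump Binary Log Format (SUPPORTED ONLY AFTER -r -tt CONVERSION)"
  info.1.version.1 = ""
  info.2.manufacturer = "Wireshark"
  info.2.device = "tcpdump Binary Log Format (SUPPORTED ONLY AFTER -r -tt CONVERSION)"
  info.2.version.1 = ""

  # The name of the log format
  log.format.format_label = "Wireshark/Ethereal/tcpdump Binary Log Format (SUPPORTED ONLY AFTER -r -tt CONVERSION)"
  log.miscellaneous.log_data_type = "generic"
  log.miscellaneous.log_format_type = "network_device"

  # The log is in this format if any of the first ten lines starts with the
  # marker below (a starts_with() test, not a regular expression).
  # NOTE(review): the literal looks like a text rendering of the classic
  # libpcap file magic (bytes D4 C3 B2 A1, i.e. 0xA1B2C3D4 stored
  # little-endian) - confirm the bytes actually stored in this file, because a
  # re-encoding of the plugin silently breaks autodetection.
  # NOTE(review): captures that begin with other bytes (big-endian pcap,
  # nanosecond-resolution pcap, pcapng) would presumably not match this
  # marker and so would not get the conversion hint - verify whether that matters.
  log.format.autodetect_expression = "starts_with(volatile.log_data_line, 'Ôò¡')"

  create_profile_wizard_options = {

    # Shown in place of profile creation. In the tcpdump command it quotes,
    # -r reads the saved capture and -tt prints each timestamp as seconds
    # since the epoch. The text export is a per-packet summary, so keep the
    # original capture file if the packet contents are needed later.
    not_supported_message = "This log data appears to be in Wireshark, Ethereal, or tcpdump Binary Log Format, which is a binary format not supported directly by $PRODUCT_NAME ($PRODUCT_NAME processes text files, and does not support binary formats). You can still analyze this data with $PRODUCT_NAME, but you need to export to a text format first, using the \"Export as Plain Text File\" dialog box in Wireshark or Ethereal, or using the tcpdump command line tool (tcpdump -r binaryfile.dat -tt > textlog.txt). The resulting file should be autodetected as a tcpdump (-tt) log when you create a profile; choose that format when prompted."

  } # create_profile_wizard_options

} # ethereal_binary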