Wireshark mailing list archives

Re: saving data in pcap file format


From: Andy Lawman <ALawman () amadeus com>
Date: Mon, 11 Oct 2010 15:04:05 +0100

If this turns out to be tricky, you might consider whether using text2pcap 
would be easier. This takes a hex dump of your packets and generates a 
pcap file. It ships with Wireshark and its manpage is at 
http://www.wireshark.org/docs/man-pages/text2pcap.html. To use this you'll 
need to write some code to take your capture and translate it into the 
dump format.

Andy.



From:   Lange Jan-Erik <Jan-Erik.Lange () haw-hamburg de>
To:     "gsslist+wireshark () anthropohedron net" 
<gsslist+wireshark () anthropohedron net>, Developer support list for 
Wireshark <wireshark-dev () wireshark org>
Date:   11/10/2010 14:21
Subject:        Re: [Wireshark-dev] saving data in pcap file format
Sent by:        wireshark-dev-bounces () wireshark org



Ok, in the documentation of WinPcap I found the function pcap_dump_open().
It opens a file for another function ...loop() which captures packets and 
saves them in this file.

But I have to open the file and write my data into this file myself, not 
capture it with this loop() function. Is it possible to insert my data 
into a struct and then save this structure into a .pcap file? 

I need the "low-level" description of this file format. It should be 
possible to implement my own easy function to save the data.


________________________________________
From: wireshark-dev-bounces () wireshark org 
[wireshark-dev-bounces () wireshark org] on behalf of Gregory Seidman 
[gsslist+wireshark () anthropohedron net]
Sent: Monday, 11 October 2010 13:53
To: wireshark-dev () wireshark org
Subject: Re: [Wireshark-dev] saving data in pcap file format

On Mon, Oct 11, 2010 at 01:35:17PM +0200, Lange Jan-Erik wrote:
Hello,

I want to analyze a USB datastream with Wireshark. To record the data I 
use a proprietary development that uses libusb to receive the data.

Ok, to analyze the data I want to use Wireshark. Is there a way to save 
the recorded data as a *.pcap file? Is there a library I could use to 
write the data into a file? Can you recommend an overview of this file 
format?

When I have this pcap file I would create a dissector plugin to dissect 
the data according to my protocol.

You are looking for libpcap (or WinPcap on Windows). Works like a charm,
and has lots of language bindings (I've used it with Ruby).

Best regards
Jan
--Greg

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
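For the "low-level" file format asked about in the thread, an added example (not code from the list posters, libpcap or Wireshark): a minimal writer for the classic pcap layout, a 24-byte global header followed by a 16-byte header per record, plus a reader that treats the length fields as untrusted. The function names, the sample payload, the output file name and the choice of the private-use link type `LINKTYPE_USER0` (147) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define PCAP_MAGIC     0xa1b2c3d4u /* classic pcap, microsecond timestamps */
#define PCAP_SNAPLEN   65535u      /* largest payload this writer stores */
#define LINKTYPE_USER0 147u        /* private-use link type (assumed choice) */

struct pcap_file_hdr { uint32_t magic; uint16_t ver_major, ver_minor;
                       int32_t thiszone; uint32_t sigfigs, snaplen, linktype; };
struct pcap_rec_hdr  { uint32_t ts_sec, ts_usec, incl_len, orig_len; };
_Static_assert(sizeof(struct pcap_file_hdr) == 24, "no padding allowed");
_Static_assert(sizeof(struct pcap_rec_hdr) == 16, "no padding allowed");

/* Global header, written once in host byte order (readers detect it from the magic). */
int pcap_begin(FILE *f, uint32_t linktype) {
    struct pcap_file_hdr h = { PCAP_MAGIC, 2, 4, 0, 0, PCAP_SNAPLEN, linktype };
    return fwrite(&h, sizeof h, 1, f) == 1 ? 0 : -1;
}

/* Append one record: 16-byte header, then at most PCAP_SNAPLEN payload bytes. */
int pcap_append(FILE *f, uint32_t sec, uint32_t usec, const uint8_t *data, uint32_t len) {
    uint32_t incl = len > PCAP_SNAPLEN ? PCAP_SNAPLEN : len;
    struct pcap_rec_hdr r = { sec, usec, incl, len };
    if (usec >= 1000000u || (len && !data)) return -1;
    if (fwrite(&r, sizeof r, 1, f) != 1) return -1;
    return (incl == 0 || fwrite(data, 1, incl, f) == incl) ? 0 : -1;
}

/* Read back a file in this writer's byte order, bounds-checking every length.
 * Returns the record count, or -1 if the file is malformed or truncated. */
long pcap_count(FILE *f) {
    static uint8_t buf[PCAP_SNAPLEN];
    struct pcap_file_hdr h; struct pcap_rec_hdr r; size_t got; long n = 0;
    if (fread(&h, sizeof h, 1, f) != 1 || h.magic != PCAP_MAGIC) return -1;
    while ((got = fread(&r, 1, sizeof r, f)) != 0) {
        if (got != sizeof r || r.incl_len > PCAP_SNAPLEN || r.incl_len > r.orig_len) return -1;
        if (fread(buf, 1, r.incl_len, f) != r.incl_len) return -1;
        n++;
    }
    return n;
}

int main(void) {
    const uint8_t sample[] = { 0x01, 0x02, 0x03, 0x04 }; /* constructed payload */
    FILE *f = fopen("usb_capture.pcap", "wb+");
    if (!f || pcap_begin(f, LINKTYPE_USER0) || pcap_append(f, 0, 0, sample, 4)) return 1;
    rewind(f);
    printf("records: %ld\n", pcap_count(f));
    return fclose(f) ? 1 : 0;
}
```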