Hi:
I have binary file which contains the raw data from telnet protocol. This
binary file does not include lipcap_header, IP header and TCP header.
I want to add lipcap_header, IP header and TCP header at beginning of my
binary file to convert this binary file in the lipcap cature file format, so
that I can
use Ethereal.exe to open my binary file.
I tried to use text2pcap.exe to create libpcap-style capture file, but it
does not work as below.
D:\EtherSource>text2pcap.exe -e 0x800 -m 64000 MyBinaryFile
MyBinaryLipcapFile
Input from: MyBinaryFile
Output to: MyBinaryLipcapFile
Generate dummy Ethernet header: Protocol: 0x800
Read 0 potential packets, wrote 0 packets
Text2pcap can reads in an ASCII hex dump and writes the data described into
a libpcap-style capture file.
I think text2pcap.exe can't read binary file.
what I want is to add the following information (in text2pcap.c) at
beginning for the binary file to convert it to libpcap-style capture file:
/* "libpcap" file header (minus magic number). */
struct pcap_hdr {
guint32 magic; /* magic */
guint16 version_major; /* major version number */
guint16 version_minor; /* minor version number */
guint32 thiszone; /* GMT to local correction */
guint32 sigfigs; /* accuracy of timestamps */
guint32 snaplen; /* max length of captured packets, in octets */
guint32 network; /* data link type */
};
/* "libpcap" record header. */
struct pcaprec_hdr {
gint32 ts_sec; /* timestamp seconds */
guint32 ts_usec; /* timestamp microseconds */
guint32 incl_len; /* number of octets of packet saved in file */
guint32 orig_len; /* actual length of packet */
};
typedef struct {
guint8 dest_addr[6];
guint8 src_addr[6];
guint16 l3pid;
} hdr_ethernet_t;
static hdr_ethernet_t HDR_ETHERNET = {
{0x02, 0x02, 0x02, 0x02, 0x02, 0x02},
{0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
0};
typedef struct {
guint8 ver_hdrlen;
guint8 dscp;
guint16 packet_length;
guint16 identification;
guint8 flags;
guint8 fragment;
guint8 ttl;
guint8 protocol;
guint16 hdr_checksum;
guint32 src_addr;
guint32 dest_addr;
} hdr_ip_t;
typedef struct {
guint16 source_port;
guint16 dest_port;
guint32 seq_num;
guint32 ack_num;
guint8 hdr_length;
guint8 flags;
guint16 window;
guint16 checksum;
guint16 urg;
} hdr_tcp_t;
Can I use text2pcap.exe or any other program to convert binary file to
libpcap-style capture file?
Thanks a lot for help.
David
_________________________________________________________________
Take charge with a pop-up guard built on patented Microsoft� SmartScreen
Technology
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines
Start enjoying all the benefits of MSN� Premium right now and get the
first two months FREE*.