Wireshark-dev: Re: [Wireshark-dev] develop a tool to parse captured file
Hello Yefim,
For the Ethereal native file format (libpcap/WindPcap), this is a starting point: http://wiki.wireshark.org/Development/LibpcapFileFormat
Alternately, you could convert the captures to PDML format (an XML based format) which would make the packets easier to process (as in simpler code), but generate tons of data.
Hope this helps.
Good luck!
Abhik.
For the Ethereal native file format (libpcap/WindPcap), this is a starting point: http://wiki.wireshark.org/Development/LibpcapFileFormat
Alternately, you could convert the captures to PDML format (an XML based format) which would make the packets easier to process (as in simpler code), but generate tons of data.
Hope this helps.
Good luck!
Abhik.
On 7/3/07, Yefim Rozenkrants <yrozenkrants@xxxxxxxxxxxxxxx> wrote:
I need to extract from capture file ( saved with ethereal) packet streams to different computers in the local network. Therefore I need to parse the capture file. I would like to get an advice how to start this project. What is the capture file structure and where I can find it. The development will be in windows environment (visual studio 2005).
Any advice will be kindly appreciated
Thanks Yefim
_______________________________________________
Wireshark-dev mailing listWireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
- References:
- [Wireshark-dev] develop a tool to parse captured file
- From: Yefim Rozenkrants
- [Wireshark-dev] develop a tool to parse captured file
- Prev by Date: Re: [Wireshark-dev] develop a tool to parse captured file
- Next by Date: Re: [Wireshark-dev] Windows build crashing
- Previous by thread: Re: [Wireshark-dev] develop a tool to parse captured file
- Next by thread: [Wireshark-dev] how to disable dissectors when I build TShark ?
- Index(es):