Hi Luis and Guy,
now I have a better understanding of the difference between dissector
and file format.
I think currently for my current needs using a converter script and
using one of the USR_DLTs will fit the best.
Márton Németh
Luis EG Ontanon wrote:
> So, that's not called a dissector but a file format.
>
> And NO, Lua cannot be used to describe file formats. That would have
> been simply sluggish (at least the attempt I gave to it besides being
> an ugly hack it was simply unusable).
>
> If the file format is of general interest would be probably better
> written in C anyway. In the other case the best solution is to write a
> script to convert those files into libpcap format, and use one of the
> USER_DLTs.
>
> Luis
>
> On Wed, Apr 9, 2008 at 7:00 PM, Németh Márton <nm127@xxxxxxxxxxx> wrote:
>> Guy Harris wrote:
>> > Németh Márton wrote:
>> >
>> >> I started to use wslua and succeeded in writing a simple dissector on
>> >> ethernet level. I created a .pcap header and copied my raw file after
>> >> it.
>> >>
>> >> Is it possible using wslua to open a raw file which is not supported
>> >> by Wireshark, yet?
>> >
>> > Creating a libpcap-format file header and writing after it packets that
>> > don't have libpcap-format packet headers is a waste of time; if you want
>> > to write a file that programs that read libpcap format can read, put the
>> > libpcap-format file header at the beginning of the file and then put
>> > libpcap-format packet headers in front of the packet data for each
>> > packet, and if you just want a raw file, just write out the raw file
>> > without the libpcap-format headers - without libpcap-format per-packet
>> > headers, the libpcap-format file header won't help you.
>>
>> I don't really understand your point, maybe I did not describe well what
>> I would like to do. I would like to write a dissector which is similar to
>> how Wireshark can open .mp3 files. The .mp3 files don't have libpcap headers
>> at all, but Wireshark can handle them.
>>
>> My question is that is it possible to create a dissector which reads a
>> raw file without libpcap header?
>>
>> Márton Németh
>>
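
The converter approach settled on in this thread, as an added example that is not code from any of the posters: it writes the libpcap file header followed by a libpcap per-packet header in front of each record, with the link type set to the first USER_DLT (147). The raw framing (2-byte big-endian length before each record), the function names and the sample bytes are assumptions made for illustration.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4   # microsecond-resolution libpcap file
LINKTYPE_USER0 = 147      # first of the USER_DLTs (DLT_USER0..DLT_USER15 = 147..162)
SNAPLEN = 65535

def split_records(raw):
    """Assumed raw framing: 2-byte big-endian length, then that many payload bytes."""
    off, records = 0, []
    while off < len(raw):
        if off + 2 > len(raw):
            raise ValueError("truncated length field at offset %d" % off)
        (n,) = struct.unpack_from(">H", raw, off)
        off += 2
        if off + n > len(raw):
            raise ValueError("truncated record at offset %d" % off)
        records.append(raw[off:off + n])
        off += n
    return records

def to_pcap(records, linktype=LINKTYPE_USER0, start_ts=0):
    out = io.BytesIO()
    # File header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype))
    for i, rec in enumerate(records):
        data = rec[:SNAPLEN]
        # Per-packet header: ts_sec, ts_usec, captured length, original length.
        out.write(struct.pack("<IIII", start_ts + i, 0, len(data), len(rec)))
        out.write(data)
    return out.getvalue()

def read_pcap(blob):
    """Read the file back to check that every record got its own packet header."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file")
    off, packets = 24, []
    while off < len(blob):
        _, _, incl, _ = struct.unpack_from("<IIII", blob, off)
        packets.append(blob[off + 16:off + 16 + incl])
        off += 16 + incl
    return linktype, packets

# Constructed sample input: two records in the assumed framing.
SAMPLE_RAW = b"\x00\x03abc" + b"\x00\x05hello"

if __name__ == "__main__":
    pcap = to_pcap(split_records(SAMPLE_RAW))
    print(len(pcap), read_pcap(pcap))
```

Wireshark then needs the DLT_USER preference set to say which dissector handles link type 147, since the file itself only carries the number.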