Wireshark-dev: Re: [Wireshark-dev] Dissector - Read data from file

From: Hans Glück <hanschris.glueck@xxxxxxxx>
Date: Tue, 27 May 2008 20:13:18 +0000 (GMT)
Hello,

thanks for the reply, but I think I had a false start, sorry. I should describe my problem more detailed...

I have a proprietary program/file (this file contains data from a multiplexer-trace in a GSM device -> the protocol/ packets is based on HDLC). I can export the data out of proprietary file to a XML-file. Wireshark doesn`t understand that format so I have the 3 options posted at the wireshark wiki (PacketInput). Because of my limited time, I think it will be the best way if  I´ll choose the way to convert the XML-file to a file which wireshark understands (libpcap). But I do not understand how to convert it, I mean how do I add the global header etc? I will convert it from XML file to *.txt file and then?

This is an example out of the XML file (just for your information)

<Transaction type="OUT" device="1" endpoint="2" status="ACK" speed="FS" time="8.443 704 917">
    <Packet id="OUT" speed="FS" time="8.443 704 917">
        <deviceAddress>1</deviceAddress>
        <endpointNumber>2</endpointNumber>
        <crc5>0x18</crc5>
    </Packet>
    <Packet id="DATA0" speed="FS" time="8.443 707 900">
        <length>10</length>
        <data>F9 07 88 09 61 74 69 0D 85 F9</data>
        <crc16>0x157A</crc16>
    </Packet>
<Packet id="ACK" speed="FS" time="8.443 718 000"/>
</Transaction>


Regards,
Chris

----- Ursprüngliche Mail ----
Von: Jaap Keuter <jaap.keuter@xxxxxxxxx>
An: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Gesendet: Sonntag, den 25. Mai 2008, 18:21:02 Uhr
Betreff: Re: [Wireshark-dev] Dissector - Read data from file

Hans Glück wrote:
> Hello,
> 
> I´m writing a dissector but I do not want to read the data live from the network. 

The dissector doesn't care where the data comes from.

> I have a file (~60MB) with the data I want to dissect. What should I do that I can read the data from this file (e.g. that the user 
can choose the file he/she want to analyze).

If the file is in any of the many formats Wireshark can read just open it.
You might want to split the file up before loading it, since it might consume 
your systems memory with state information.

> Regards
> Chris

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev



      __________________________________________________________
Gesendet von Yahoo! Mail.
Dem pfiffigeren Posteingang.
http://de.overview.mail.yahoo.com