Wireshark-dev: Re: [Wireshark-dev] Dissector - Read data from file

From: Hans Glück <hanschris.glueck@xxxxxxxx>
Date: Sun, 1 Jun 2008 12:01:36 +0000 (GMT)
Hello,

thanks for all the hints. I looked into the code of text2pcap and this is a wonderful foundation to get my own pcap-creator program started. I have to think about whether I'll use Java (parsing XML is easier in Java), C (perfect if I implement my new capture file format in ws) or Python (but I am not familiar with Python) to write this program.
Can I parse in Wireshark through XML? I found this: http://wiki.wireshark.org/XML, but I do not think that this is a solution for my parsing problem?
Regards,
Chris

----- Original Message ----
From: Gilbert Ramirez <gram@xxxxxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Thursday, 29 May 2008, 07:06:28
Subject: Re: [Wireshark-dev] Dissector - Read data from file

Look at the text2pcap program in the wireshark distribution as an example.

You could also use text2pcap. If you can write a program to convert
your XML to a text-file hex-dump, then you can execute text2pcap to
convert that to a pcap file.

--gilbert

On 5/28/08, Hans Glück <hanschris.glueck@xxxxxxxx> wrote:
> Hello,
>
>  thanks for the reply, but I think I had a false start, sorry. I should describe my problem in more detail...
>
>  I have a proprietary program/file (this file contains data from a multiplexer trace in a GSM device -> the protocol/packets are based on HDLC). I can export the data out of the proprietary file to an XML file. Wireshark doesn't understand that format so I have the 3 options posted at the Wireshark wiki (PacketInput). Because of my limited time, I think it will be best if I choose to convert the XML file to a file which Wireshark understands (libpcap). But I do not understand how to convert it, I mean how do I add the global header etc? I will convert it from XML file to *.txt file and then?
>
>  This is an example out of the XML file (just for your information)
>
>  <Transaction type="OUT" device="1" endpoint="2" status="ACK" speed="FS" time="8.443 704 917">
>    <Packet id="OUT" speed="FS" time="8.443 704 917">
>        <deviceAddress>1</deviceAddress>
>        <endpointNumber>2</endpointNumber>
>        <crc5>0x18</crc5>
>    </Packet>
>    <Packet id="DATA0" speed="FS" time="8.443 707 900">
>        <length>10</length>
>        <data>F9 07 88 09 61 74 69 0D 85 F9</data>
>        <crc16>0x157A</crc16>
>    </Packet>
>    <Packet id="ACK" speed="FS" time="8.443 718 000"/>
>  </Transaction>
>
>
>  Regards,
>  Chris
>
>  ----- Original Message ----
>  From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
>  To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
>  Sent: Sunday, 25 May 2008, 18:21:02
>  Subject: Re: [Wireshark-dev] Dissector - Read data from file
>
>
>  Hans Glück wrote:
>  > Hello,
>  >
>  > I'm writing a dissector but I do not want to read the data live from the network.
>
>  The dissector doesn't care where the data comes from.
>
>  > I have a file (~60MB) with the data I want to dissect. What should I do so that I can read the data from this file (e.g. that the user can choose the file he/she wants to analyze)?
>
>  If the file is in any of the many formats Wireshark can read, just open it.
>  You might want to split the file up before loading it, since it might consume
>  your system's memory with state information.
>
>  > Regards
>  > Chris
>
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
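
Added example, not part of the original thread or of Wireshark's code: a minimal Python sketch of the conversion suggested above, turning the `<data>` payloads of the XML export into the offset-prefixed hex dump that text2pcap reads. The `<Trace>` root element and the function names are assumptions; only the `Transaction`/`Packet` layout comes from the sample in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Transaction from the thread wrapped in a
# hypothetical <Trace> root (the real export's root element is not shown).
SAMPLE_XML = """<Trace>
<Transaction type="OUT" device="1" endpoint="2" status="ACK" speed="FS" time="8.443 704 917">
  <Packet id="OUT" speed="FS" time="8.443 704 917">
    <deviceAddress>1</deviceAddress>
    <endpointNumber>2</endpointNumber>
    <crc5>0x18</crc5>
  </Packet>
  <Packet id="DATA0" speed="FS" time="8.443 707 900">
    <length>10</length>
    <data>F9 07 88 09 61 74 69 0D 85 F9</data>
    <crc16>0x157A</crc16>
  </Packet>
  <Packet id="ACK" speed="FS" time="8.443 718 000"/>
</Transaction>
</Trace>"""


def extract_payloads(xml_text):
    """Return the payload bytes of every <Packet> that has a <data> child."""
    payloads = []
    for packet in ET.fromstring(xml_text).iter("Packet"):
        data = packet.findtext("data")
        if data is None:
            continue  # token/handshake packets (OUT, ACK) carry no payload
        raw = bytes.fromhex(data)  # raises ValueError on non-hex input
        declared = packet.findtext("length")
        if declared is not None and int(declared) != len(raw):
            raise ValueError(f"length {declared} != {len(raw)} data bytes")
        payloads.append(raw)
    return payloads


def to_hexdump(payloads):
    """Format payloads as text2pcap input: hex offset, then up to 16 bytes."""
    lines = []
    for raw in payloads:
        for off in range(0, len(raw), 16):  # offset 000000 starts a new packet
            chunk = raw[off:off + 16]
            lines.append(f"{off:06x} " + " ".join(f"{b:02x}" for b in chunk))
        lines.append("")  # blank line between packets for readability
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_hexdump(extract_payloads(SAMPLE_XML)))
```

The printed dump can be saved to a file and passed to text2pcap, which writes the pcap global header and per-packet headers itself; the link-layer type to request with its `-l` option depends on the protocol and is not given in the thread.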