Wireshark-dev: Re: [Wireshark-dev] Using Wireshark packet parsers and pretty printers

From: Ulisses Araújo Costa <ulissesaraujocosta@xxxxxxxxx>
Date: Mon, 9 Mar 2009 23:34:36 +0000
I Just want to know what is the function with that I can read a
tcpdump file and return the structure of a packet...


On Mon, Mar 9, 2009 at 20:31, Stephen Donnelly <stephen@xxxxxxxxxx> wrote:
> On Mon, 2009-03-09 at 20:14 +0000, Ulisses Araújo Costa wrote:
>> Hello,
>>
>> I'm doing a project where I need to parse some packets (HTTP and some
>> protocols for databases).
>> I start doing this using the tcpdump library, and after that start to
>> parse all the nested packets like that:
>>
>> Ethernet -> TCP/UDP -> IPv4/IPv6 -> Application packet
>>
>> I've done part of this job using the Haskell programming language, the
>> problem is to start obtain information about the relation of the
>> packets (like temporal relation, or others). I see that wireshark
>> already does that job. And in fact parse all the data from one packet,
>> and have a great pretty printer.
>>
>> I start to read manuals for developers, and unfortunately did not find
>> anything that really help me.
>>
>> My question is: Could you show to me a simple program that take a
>> input tcpdump file (Coud also be in Online mode), and just return the
>> structure of the parsed packets?
>>
>> Thank you,
>
> The PSML or PDML XML export formats might be useful?
>
> Stephen
> --
> -----------------------------------------------------------------------
>    Stephen Donnelly BCMS PhD           email: sfd@xxxxxxxxxx
>    Endace Technology Ltd               phone: +64 7 839 0540
>    Hamilton, New Zealand               cell:  +64 21 530 770
> -----------------------------------------------------------------------
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



-- 
Ulisses Costa - http://caos.di.uminho.pt/~ulisses/