Wireshark-dev: Re: [Wireshark-dev] Help importing custom data to libpcap file??

From: Alex Lindberg <alindber@xxxxxxxxx>
Date: Fri, 24 Sep 2010 15:38:32 -0700 (PDT)
My intent is to import some detailed logging data into a libpcap file, then create Wireshark dissectors to evaluate the log data.

The log data is composed of ASCII hex values that represent various types of messages. These messages are taken from the data, control and packet bus of our equipment. Each of these messages has a well-defined, bit-oriented structure that can be mapped into the first few layers of the OSI stack (datalink, network, transport and session). I want to use Wireshark as my decoding platform.

Thus I need to read an ASCII file containing time stamp information and the ASCII HEX version of these messages and create a libpcap file so they can be read by Wireshark and my custom dissectors.

I have created a number of custom dissectors for our custom IP packets and I want to extend these dissectors to cover these messages in the log files.

Any guidance you could provide would be very helpful.

Alex Lindberg

--- On Fri, 9/24/10, Guy Harris <guy@xxxxxxxxxxxx> wrote:

From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Help importing custom data to libpcap file??
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Date: Friday, September 24, 2010, 4:46 PM


On Sep 24, 2010, at 2:43 PM, Alex Lindberg wrote:

> I would like to create a libpcap formatted file based on custom data formats, NOT from a live capture stream.  I will also build custom dissectors for this data and use a user-defined packet type.
>
> Any suggestions?

My first suggestion would be to think whether you need a libpcap-formatted file.  If the custom data format isn't a form of protocol traffic, it's not necessarily what you want.

What type of data is the custom data?
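
An added example, not part of the original thread or of Wireshark's code: one way to turn a timestamped ASCII-hex log into a classic libpcap file with a user-defined link type. The log line layout ("<sec>.<usec> <hex bytes>"), the sample data and the choice of DLT_USER0 (147) are assumptions; malformed lines are counted and skipped rather than written as truncated records.

```python
import re
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
DLT_USER0 = 147           # first of the link types reserved for private use
SNAPLEN = 65535

# Constructed sample; the line layout "<sec>.<usec> <hex bytes>" is an assumption.
SAMPLE_LOG = """\
# constructed sample, not real equipment output
1285367912.000125 01 0a ff 00 10
1285367912.004300 02 0b 7e7e
bad line without hex
1285367913.500000 03zz
"""

LINE_RE = re.compile(r"^(\d{1,10})\.(\d{1,6})\s+([0-9A-Fa-f\s]+)$")

def parse_line(line):
    """Return (sec, usec, payload); raise ValueError on a malformed record."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised line")
    sec = int(m.group(1))
    usec = int(m.group(2).ljust(6, "0"))      # ".5" means 500000 us
    payload = bytes.fromhex(m.group(3))       # ValueError on odd or split digits
    if sec > 0xFFFFFFFF or len(payload) > SNAPLEN:
        raise ValueError("field does not fit the pcap record header")
    return sec, usec, payload

def log_to_pcap(lines, out, linktype=DLT_USER0):
    """Write a pcap stream to binary file object `out`; return (written, skipped)."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype))
    written = skipped = 0
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue                           # blank lines and comments
        try:
            sec, usec, payload = parse_line(line)
        except ValueError:
            skipped += 1                       # never emit a half-parsed record
            continue
        # Record header: ts_sec, ts_usec, captured length, original length
        out.write(struct.pack("<IIII", sec, usec, len(payload), len(payload)))
        out.write(payload)
        written += 1
    return written, skipped

if __name__ == "__main__":
    with open("log.pcap", "wb") as f:
        print(log_to_pcap(SAMPLE_LOG.splitlines(), f))
```
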