Wireshark-dev: Re: [Wireshark-dev] Help importing custom data to libpcap file??

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 24 Sep 2010 15:42:48 -0700
On Sep 24, 2010, at 3:38 PM, Alex Lindberg wrote:

> My intent is to import some detailed logging data into a libpcap file then create wireshark dissectors to evaluate the log data.
> 
> The log data is composed of ASCII hex values that represent various types of messages. These messages are taken from the data, control and packet buss of our equipment.  Each of these messages have a well defined bit orientated structures that can be mapped in to the first few layers of the OSI stack (datalink, network, transport and session).

So those do, in fact, sound like they're a form of protocol traffic.

> I want to use Wireshark as my decoding platform.
> 
> Thus I need to read an ASCII file containing time stamp information and the ASCII HEX version of these messages and create a libpcap file so they can be read by Wireshark and my custom dissectors.

...or you might be able to write a module for the Wiretap library in Wireshark (see the "wiretap" subdirectory) that can directly read your ASCII files.