Wireshark-dev: Re: [Wireshark-dev] saving data in pcap file format
From: Andy Lawman <ALawman@xxxxxxxxxxx>
Date: Mon, 11 Oct 2010 15:04:05 +0100
If this turns out to be tricky, you might
consider whether using text2pcap would be easier. This takes a hex dump
of your packets and generates a pcap file. It ships with Wireshark and
its manpage is at http://www.wireshark.org/docs/man-pages/text2pcap.html.
To use this you'll need to write some code to take your capture and translate
it into the dump format.
Andy.
From: Lange Jan-Erik <Jan-Erik.Lange@xxxxxxxxxxxxxx>
To: "gsslist+wireshark@xxxxxxxxxxxxxxxxxx" <gsslist+wireshark@xxxxxxxxxxxxxxxxxx>, Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Date: 11/10/2010 14:21
Subject: Re: [Wireshark-dev] saving data in pcap file format
Sent by: wireshark-dev-bounces@xxxxxxxxxxxxx
Ok, in the documentation of WinPcap I found the function pcap_dump_open().
It opens a file for another function ...loop() which captures packets and saves them in this file.
But I have to open the file and write my data into this file, not capture it with this loop() function. Is it possible to insert my data into a struct and then save this structure into a .pcap file?
I need the "low-level" description of this file format. It should be possible to implement my own easy function to save the data.
________________________________________
From: wireshark-dev-bounces@xxxxxxxxxxxxx [wireshark-dev-bounces@xxxxxxxxxxxxx] on behalf of Gregory Seidman [gsslist+wireshark@xxxxxxxxxxxxxxxxxx]
Sent: Monday, 11 October 2010 13:53
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] saving data in pcap file format
On Mon, Oct 11, 2010 at 01:35:17PM +0200, Lange Jan-Erik wrote:
> Hello,
>
> I want to analyze a USB data stream with Wireshark. To record the data I use a proprietary development that uses libusb to receive the data.
>
> Ok, to analyze the data I want to use Wireshark. Is there a way to save the recorded data as a *.pcap file? Is there a library I could use to write the data into a file? Can you recommend an overview of this file format?
>
> When I have this pcap file I would create a dissector plugin to dissect the data according to my protocol.
You are looking for libpcap (or WinPcap on Windows). Works like a charm,
and has lots of language bindings (I've used it with Ruby).
> Best regards
> Jan
--Greg
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
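Added example, not part of the original thread: a C writer for the classic pcap file layout that Jan-Erik asks about, which builds the global header and packet records directly, without libpcap or text2pcap. The function names, the output file name and the choice of LINKTYPE_USER0 (147, a private-use link type) are assumptions, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCAP_MAGIC     0xa1b2c3d4u /* classic pcap, microsecond timestamps */
#define LINKTYPE_USER0 147u        /* private-use link type (assumed choice) */
#define SNAPLEN        65535u      /* max bytes stored per packet */

/* Fields are written little-endian; readers detect byte order from the magic. */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)v); put16(p + 2, (uint16_t)(v >> 16)); }

/* Global header, written once at the start of the file (24 bytes). */
size_t pcap_file_header(uint8_t out[24], uint32_t linktype)
{
    put32(out, PCAP_MAGIC);
    put16(out + 4, 2); put16(out + 6, 4); /* format version 2.4 */
    put32(out + 8, 0);          /* thiszone: timestamps are UTC */
    put32(out + 12, 0);         /* sigfigs: unused */
    put32(out + 16, SNAPLEN);
    put32(out + 20, linktype);
    return 24;
}

/* Packet record: 16-byte header + data. Returns bytes written, 0 if no room. */
size_t pcap_record(uint8_t *out, size_t cap, uint32_t sec, uint32_t usec,
                   const uint8_t *data, uint32_t len)
{
    uint32_t incl = len > SNAPLEN ? SNAPLEN : len; /* truncate at SNAPLEN */
    if (cap < 16 + (size_t)incl) return 0;
    put32(out, sec);            /* timestamp, seconds */
    put32(out + 4, usec);       /* timestamp, microseconds */
    put32(out + 8, incl);       /* bytes stored in the file */
    put32(out + 12, len);       /* original length of the packet */
    memcpy(out + 16, data, incl);
    return 16 + (size_t)incl;
}

int main(void)
{
    static const uint8_t sample[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; /* constructed */
    uint8_t buf[24 + 16 + sizeof sample];
    size_t n = pcap_file_header(buf, LINKTYPE_USER0);
    n += pcap_record(buf + n, sizeof buf - n, 1286805845u, 0, sample, sizeof sample);
    FILE *f = fopen("usb_capture.pcap", "wb"); /* binary mode matters on Windows */
    if (f == NULL) return 1;
    int ok = fwrite(buf, 1, n, f) == n;
    return (fclose(f) == 0 && ok) ? 0 : 1;
}
```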