Wireshark-dev: Re: [Wireshark-dev] How to read a .cap file

From: Gilbert Ramirez <gram@xxxxxxxxxxxxxxx>
Date: Fri, 1 Feb 2013 08:35:18 -0800
You could use libpcap to read the file.
http://www.tcpdump.org/

I suppose you could even use the wiretap library (part of the Wireshark distribution) to read it.

Or, you can use tshark -Tpdml to dissect the cap file and output XML, which you can then parse.

See doc/README.xml-output in the Wireshark distro. Also, tools/WiresharkXML.py is a Python library to read that pdml (xml) output.

Gilbert


On Fri, Feb 1, 2013 at 5:18 AM, José Roberto Bolognani <zebetao@xxxxxxxxx> wrote:
Hi all.

I need to read inside the cap file but I need to know how.

The situation is: My application is sending 5 requests (5 connections) per second, and inside these requests there is a limit of items (108 in total), but sometimes there are situations where it goes over 5 connections and consequently more than 108 items.

I need to read these .caps collected from Wireshark in a new app to summarize these specific seconds that have more than 108 items per second.

The point is how to read the cap files out of Wireshark and be able to know the time it has left the network and read the package inside.

Can you guys help me?

Thanks in advance.

--
José Roberto Bolognani
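
An added example, not part of the original thread and not Wireshark or libpcap code: instead of calling libpcap, it parses the classic libpcap file format directly with `struct`, takes each record's capture timestamp, and reports the seconds in which more than 5 new TCP connections (SYN without ACK) were seen. It assumes an Ethernet, IPv4 capture in classic pcap (not pcapng) format; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

MAGICS = {  # classic libpcap magic -> (byte order, timestamp units per second)
    b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
    b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9)}

def read_pcap(data):
    """Yield (timestamp, frame_bytes) for each record of a classic pcap file."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic libpcap file (pcapng is a different format)")
    order, frac = MAGICS[data[:4]]
    if struct.unpack_from(order + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    off = 24
    while off + 16 <= len(data):
        sec, sub, incl, _orig = struct.unpack_from(order + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break  # truncated last record: stop rather than count a partial frame
        yield sec + sub / frac, frame
        off += 16 + incl

def is_tcp_syn(frame):
    """True for an IPv4 TCP segment with SYN set and ACK clear (new connection)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return False
    flags_at = 14 + (frame[14] & 0x0F) * 4 + 13  # Ethernet + IP header + TCP flags offset
    return len(frame) > flags_at and frame[flags_at] & 0x12 == 0x02

def busy_seconds(data, limit=5):
    """Return {second: count} for seconds with more than `limit` new connections."""
    per_sec = Counter(int(ts) for ts, frame in read_pcap(data) if is_tcp_syn(frame))
    return {sec: n for sec, n in per_sec.items() if n > limit}

def _frame(flags):
    """Constructed sample: minimal Ethernet/IPv4/TCP frame, checksums left zero."""
    ip = struct.pack(">BBHHHBBHII", 0x45, 0, 40, 0, 0, 64, 6, 0, 0x0A000001, 0x0A000002)
    tcp = struct.pack(">HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: 6 SYNs in second 1000; 3 SYNs, 4 SYN-ACKs in second 1001."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, count, flags in ((1000, 6, 0x02), (1001, 3, 0x02), (1001, 4, 0x12)):
        f = _frame(flags)
        for i in range(count):
            out += struct.pack("<IIII", sec, i * 1000, len(f), len(f)) + f
    return out
```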

