Wireshark-users: [Wireshark-users] C++ program using"editcap"
From: "Faten SOLTANI" <faten.soltani@xxxxxxxxxxxxxxxxxx>
Date: Fri, 20 Mar 2009 09:54:40 +0100 (CET)
Hello all,

I'll need to use the EDITCAP to convert files from ASCII format to pcap format. I need some help about writing a C++ program, where I call the editpcap function, and where the input file must be located (in the same folder as the function editpcap?).

Thanks for any help

> Send Wireshark-users mailing list submissions to
>         wireshark-users@xxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://wireshark.org/mailman/listinfo/wireshark-users
> or, via email, send a message with subject or body 'help' to
>         wireshark-users-request@xxxxxxxxxxxxx
>
> You can reach the person managing the list at
>         wireshark-users-owner@xxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wireshark-users digest..."
>
>
> Today's Topics:
>
>    1. [Q] Filter filter expression for Android emulator. (???)
>    2. Re: [Q] Filter filter expression for Android emulator. (Guy Harris)
>    3. Re: LTE MAC Packet capture in WireShark (Dinesh Arora)
>    4. Re: [Q] Filter filter expression for Android emulator. (Stephen Fisher)
>    5. Re: Capturing stops although there is still network traffic (Michael Naugk)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 19 Mar 2009 00:03:19 +0000 (GMT)
> From: ??? <sj216.park@xxxxxxxxxxx>
> Subject: [Wireshark-users] [Q] Filter filter expression for Android emulator.
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <24976070.536331237420998987.JavaMail.weblogic@epml09>
> Content-Type: text/plain; charset=euc-kr
>
>
> Hi, all.
>
> I am just new to WireShark, and want to use it for sniffing traffic
> between Android Emulator and my host computer.
> I want to focus only on traffic between two. I use DDMS from Android ADT
> for debugging, whose device monitoring services
> listens on port from 8600. I would like to sniff traffic from one on port
> 8600.
>
> How can I express capture filter string for this purpose?
> Does anyone have a proper capture filter file, or a proper capture filter
> string?
>
> thanks in advance
>
> Jong.
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 18 Mar 2009 17:28:59 -0700
> From: Guy Harris <guy@xxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] [Q] Filter filter expression for Android emulator.
> To: sj216.park@xxxxxxxxxxx, Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <CA1D11CA-ADD8-4CD9-B4A1-2C3C9EA3DD90@xxxxxxxxxxxx>
> Content-Type: text/plain; charset=UTF-8; format=flowed; delsp=yes
>
>
> On Mar 18, 2009, at 5:03 PM, ??? wrote:
>
>> I am just new to WireShark, and want to use it for sniffing traffic
>> between Android Emulator and my host computer.
>> I want to focus only on traffic between two. I use DDMS from Android
>> ADT for debugging, whose device monitoring services
>> listens on port from 8600. I would like to sniff traffic from one on
>> port 8600.
>>
>> How can I express capture filter string for this purpose?
>
> I.e., you want to capture traffic to and from a particular host on
> port 8600?
>
> That's
>
>     host {host name or IP address of the host} and port 8600
>
> For example, "host 19.202.41.87 and port 8600" if the host in question
> has the IP address 19.202.41.87, or "host ddms-1 and port 8600" if the
> host in question has the host name "ddms-1".
>
> You can use "tcp port 8600" if 8600 happens to be a TCP port or "udp
> port 8600" if 8600 happens to be a UDP port.
>
> ------------------------------
>
> Message: 3
> Date: Wed, 18 Mar 2009 17:33:54 -0700 (PDT)
> From: Dinesh Arora <dineshk_arora@xxxxxxxxx>
> Subject: Re: [Wireshark-users] LTE MAC Packet capture in WireShark
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx>
> Message-ID: <272697.52740.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Martin,
>
> Thanks for the initial clarification. If you have any sample packet.out
> file for LTE MAC then it will be helpful.
>
> I do not have any specific constraint to use a particular format and fine
> with using something that is already supported and tested.
>
> My initial understanding was to make a simple TCP Client that is injecting
> the packets to TCP Server:9999 with following format
>
> TCP Header + MAC LTE Info + MAC PDU
>
> Where, MAC PDU is the actual MAC message as per 36.321 and containing a
> sequence of MAC Subheader + MAC Payload.
>
> It seems from your response that I need to create the above packet in
> DCT2000 format (sample at
> http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=dct2000_test.out)
> so that it can be first identified as LTE MAC PDU by WireShark. The packet
> will be constructed as:
>
> TCP Header + DCT2000 Format indicating protocol as MAC_LTE + MAC LTE Info
> + MAC PDU.
>
> Can you confirm if the release 1.1.6 supports MAC LTE protocol dissector?
>
> Regards,
> Dinesh
>
> Regards,
> Dinesh
>
>
> --- On Wed, 3/18/09, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote:
>
> From: Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] LTE MAC Packet capture in WireShark
> To: dineshk_arora@xxxxxxxxx, "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Date: Wednesday, March 18, 2009, 3:56 PM
>
>
> Hi Dinesh,
>
> I don't think details about how the PDUs were framed were posted in the
> previous discussion, so this is more of a dev question at the moment.
>
> Here are the extra pieces of information that MAC dissector currently uses
> to help with the decode (this is taken from
> epan/dissectors/packet-mac-lte.h):
>
> /* radioType */
> #define FDD_RADIO 1
> #define TDD_RADIO 2
>
> /* direction */
> #define DIRECTION_UPLINK   0
> #define DIRECTION_DOWNLINK 1
>
> /* rntiType */
> #define NO_RNTI 0
> #define P_RNTI  1
> #define RA_RNTI 2
> #define C_RNTI  3
> #define SI_RNTI 4
>
>
> /* Context info attached to each LTE MAC frame */
> typedef struct mac_lte_info
> {
>     /* Needed for decode */
>     guint8          radioType;
>     guint8          direction;
>     guint8          rntiType;
>
>     /* Extra info to display */
>     guint16         rnti;
>     guint16         ueid;
>     guint16         subframeNumber;
>     guint8          isPredefinedData;
>     guint16         length;
>     guint8          reTxCount;
> } mac_lte_info;
>
>
> So you'd need to define a header format that encoded some or all of these
> fields before each frame. A simple dissector would:
> - read the header
> - allocate a mac_lte_info struct and attach it to the frame
> - call the mac-lte dissector for the payload
>
> For help with this see the function attach_mac_lte_info() in
> epan/dissectors/packet-catapult-dct2000.c
>
> If you could provide details of how you're framing these PDUs and could
> provide a sample capture, I should be able to help develop a simple
> dissector that calls mac-lte.
>
> Best regards,
> Martin
>
>
> On Tue, Mar 17, 2009 at 11:19 PM, Dinesh Arora <dineshk_arora@xxxxxxxxx> wrote:
>
> Hi,
>
> I am new to WireShark tool and joined this mailing list recently.
>
> I have seen some discussion in the list related to LTE-MAC/RLC/PDCP packet
> layers monitoring using TCP port 9999. Can you please let me know some
> sample packet formats that I can inject inside TCP packet containing some
> LTE MAC PDUs and then see the live capture in WireShark?
>
> I want to make a tool that sends LTE MAC PDUs over TCP and this format
> will help me in understanding that how it will be decoded by WireShark?
> Unfortunately, Wiki does not have info related to the same.
>
> Thanks in Advance.
>
> Regards,
> Dinesh
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://www.wireshark.org/lists/wireshark-users/attachments/20090318/cc305a6c/attachment.html
>
> ------------------------------
>
> Message: 4
> Date: Wed, 18 Mar 2009 18:40:49 -0600
> From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] [Q] Filter filter expression for Android emulator.
> To: sj216.park@xxxxxxxxxxx, Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <20090319004049.GA86401@xxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
>
> On Thu, Mar 19, 2009 at 12:03:19AM +0000, ?????? wrote:
>
>> I am just new to WireShark, and want to use it for sniffing traffic
>> between Android Emulator and my host computer. I want to focus only on
>> traffic between two. I use DDMS from Android ADT for debugging, whose
>> device monitoring services listens on port from 8600. I would like to
>> sniff traffic from one on port 8600.
>>
>> How can I express capture filter string for this purpose? Does anyone
>> have a proper capture filter file, or a proper capture filter string?
>
> Filtering what is captured, a capture filter:
>
> http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html
>
> Filtering after traffic is captured, a display filter:
>
> http://www.wireshark.org/docs/wsug_html_chunked/ChWorkDisplayFilterSection.html
>
>
> Steve
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 19 Mar 2009 09:37:55 +0100
> From: Michael Naugk <zless@xxxxxxx>
> Subject: Re: [Wireshark-users] Capturing stops although there is still network traffic
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <200903190937.55990.zless@xxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On Wednesday 18 March 2009 19:03:44 Guy Harris wrote:
>> On Mar 18, 2009, at 4:12 AM, Michael Naugk wrote:
>>> I did some tests with ps and realized that the state of process dumpcap
>>> switches between S and R. Might that be a hint?
>>
>> I.e., once packets stop showing up, dumpcap is in state R?
>
> Actually not, I can not make a rule from that. Sometimes it is in state R,
> but continues capturing. Sometimes in state S and stopped (maybe I don't see
> the R, because I call ps every second).
>
> Do you think this is a pcap or wireshark problem?
> Anything else I can try?
>
> tcpdump works fine, is there a way to use it for capturing in wireshark? At
> the moment I capture with tcpdump and open the file in wireshark.
>
> Kind Regards,
> Michael
>
>> If so, there might be some loop it's stuck in, so that it's spinning
>> rather than reading captured packets.
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
> ------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>
> End of Wireshark-users Digest, Vol 34, Issue 39
> ***********************************************
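On the question at the top of this message (calling editcap from a C++ program, and where the input file has to live), here is an added example. It is not code from the original post or from the Wireshark project. It finds editcap through PATH and resolves the input path against the program's current working directory, so the input file does not need to be next to the program or next to editcap; any path the process can read works. The argument list is handed to execvp() directly rather than through a shell, so a file name containing spaces or shell metacharacters is passed literally. The `-F pcap` option is editcap's output-file-type switch; whether editcap can read your particular input is up to editcap, which is why the program reports its exit status.

```cpp
// Added example (not code from the original post or from the Wireshark
// project): running editcap from a C++ program as a child process.
// editcap is found through PATH and the input path is resolved against the
// process's current working directory, so the file does not have to sit
// next to the program or next to editcap. The arguments go straight to
// execvp() instead of through a shell, so a file name containing spaces or
// shell metacharacters is passed literally and cannot alter the command.
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

// Return the absolute path of `path` if it names an existing regular file,
// otherwise an empty string. Checking up front gives a clear error instead
// of a spawned process that fails.
std::string resolve_input(const std::string& path) {
    char abs[PATH_MAX];
    if (realpath(path.c_str(), abs) == nullptr) return "";
    struct stat st;
    if (stat(abs, &st) != 0 || !S_ISREG(st.st_mode)) return "";
    return abs;
}

// Execute argv[0] with the given argument list and wait for it.
// Returns the child's exit status, 127 if the program could not be
// executed, or -1 if fork()/waitpid() failed or the child died from a signal.
int run_tool(const std::vector<std::string>& argv) {
    std::vector<char*> cargv;
    for (const std::string& a : argv) cargv.push_back(const_cast<char*>(a.c_str()));
    cargv.push_back(nullptr);

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(cargv[0], cargv.data());
        _exit(127);  // only reached if exec failed (not found / not executable)
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

// Ask editcap to rewrite `input` as `output` in pcap format.
// Returns -2 if the input file does not exist, otherwise run_tool()'s result.
// "-F pcap" selects the output capture file type; `editcap -F` lists the
// types your build supports.
int convert_with_editcap(const std::string& input, const std::string& output) {
    std::string in = resolve_input(input);
    if (in.empty()) return -2;
    return run_tool({"editcap", "-F", "pcap", in, output});
}

int main(int argc, char** argv) {
    if (argc != 3) {
        std::fprintf(stderr, "usage: %s <input capture> <output.pcap>\n", argv[0]);
        return 2;
    }
    int rc = convert_with_editcap(argv[1], argv[2]);
    if (rc == -2) std::fprintf(stderr, "%s: no such regular file\n", argv[1]);
    else if (rc == 127) std::fprintf(stderr, "editcap not found in PATH\n");
    else if (rc != 0) std::fprintf(stderr, "editcap exited with status %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Build with `g++ -std=c++11 -o convert convert.cpp` and run as `./convert capture.in capture.pcap`; the child process inherits the caller's working directory, which is what makes relative input paths work from wherever the program is launched.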
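Martin Mathieson's reply in message 3 of the quoted digest describes the job of a small wrapper dissector: read a per-frame header, fill a mac_lte_info, then hand the payload to the mac-lte dissector. The following is an added example, not Wireshark code, of one possible header that carries those fields in front of each MAC PDU, together with an encoder (what an injecting client would write) and a parser that checks every field before trusting it. The 13-byte big-endian layout, the names `MacLteInfo`, `encode_frame` and `parse_frame`, and the sample PDU bytes are all assumptions made for this example; the enum values are the ones quoted from packet-mac-lte.h.

```cpp
// Added example, not Wireshark's code: one possible per-frame header that
// carries the mac_lte_info fields in front of each LTE MAC PDU, with an
// encoder (what an injecting client would write) and a bounds-checked parser
// (what a small wrapper dissector would do before calling mac-lte). The
// 13-byte big-endian layout is an assumption made for this example; it is
// not a format defined by Wireshark or by the DCT2000 file format.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Values as in the quoted packet-mac-lte.h excerpt.
enum : uint8_t { FDD_RADIO = 1, TDD_RADIO = 2 };
enum : uint8_t { DIRECTION_UPLINK = 0, DIRECTION_DOWNLINK = 1 };
enum : uint8_t { NO_RNTI = 0, P_RNTI = 1, RA_RNTI = 2, C_RNTI = 3, SI_RNTI = 4 };

struct MacLteInfo {
    uint8_t  radioType;
    uint8_t  direction;
    uint8_t  rntiType;
    uint16_t rnti;
    uint16_t ueid;
    uint16_t subframeNumber;
    uint8_t  isPredefinedData;
    uint16_t length;      // number of MAC PDU bytes that follow the header
    uint8_t  reTxCount;
};

// Header layout (assumed): radioType(1) direction(1) rntiType(1) rnti(2)
// ueid(2) subframeNumber(2) isPredefinedData(1) length(2) reTxCount(1)
constexpr size_t kHeaderLen = 13;

static void put16(std::vector<uint8_t>& out, uint16_t v) {
    out.push_back(static_cast<uint8_t>(v >> 8));
    out.push_back(static_cast<uint8_t>(v & 0xff));
}
static uint16_t get16(const uint8_t* p) {
    return static_cast<uint16_t>((p[0] << 8) | p[1]);
}

// Build header + PDU. The length field is always taken from the PDU itself.
std::vector<uint8_t> encode_frame(MacLteInfo info, const std::vector<uint8_t>& pdu) {
    info.length = static_cast<uint16_t>(pdu.size());
    std::vector<uint8_t> out;
    out.reserve(kHeaderLen + pdu.size());
    out.push_back(info.radioType);
    out.push_back(info.direction);
    out.push_back(info.rntiType);
    put16(out, info.rnti);
    put16(out, info.ueid);
    put16(out, info.subframeNumber);
    out.push_back(info.isPredefinedData);
    put16(out, info.length);
    out.push_back(info.reTxCount);
    out.insert(out.end(), pdu.begin(), pdu.end());
    return out;
}

// Parse one frame from buf[0..len). On success fills `info`, sets
// `pdu_offset` to where the PDU starts and returns true. Returns false on a
// short header, an enum value outside the known range, or a length field
// that claims more PDU bytes than the buffer holds, so a malformed frame is
// rejected here rather than passed on with an unchecked length.
bool parse_frame(const uint8_t* buf, size_t len, MacLteInfo& info, size_t& pdu_offset) {
    if (len < kHeaderLen) return false;
    info.radioType        = buf[0];
    info.direction        = buf[1];
    info.rntiType         = buf[2];
    info.rnti             = get16(buf + 3);
    info.ueid             = get16(buf + 5);
    info.subframeNumber   = get16(buf + 7);
    info.isPredefinedData = buf[9];
    info.length           = get16(buf + 10);
    info.reTxCount        = buf[12];
    if (info.radioType != FDD_RADIO && info.radioType != TDD_RADIO) return false;
    if (info.direction > DIRECTION_DOWNLINK) return false;
    if (info.rntiType > SI_RNTI) return false;
    if (len - kHeaderLen < info.length) return false;
    pdu_offset = kHeaderLen;
    return true;
}

int main() {
    MacLteInfo info{};
    info.radioType = FDD_RADIO; info.direction = DIRECTION_DOWNLINK;
    info.rntiType = C_RNTI; info.rnti = 0x1234; info.ueid = 7; info.subframeNumber = 3;
    std::vector<uint8_t> pdu = {0x3f, 0x01, 0x02};   // constructed sample bytes, not a real PDU
    std::vector<uint8_t> frame = encode_frame(info, pdu);
    MacLteInfo got{}; size_t off = 0;
    if (parse_frame(frame.data(), frame.size(), got, off))
        std::printf("rnti=0x%04x ueid=%u length=%u pdu at offset %zu\n",
                    got.rnti, got.ueid, got.length, off);
    return 0;
}
```

The length check is the part worth copying into a real dissector: the header's length field is attacker-controlled input like any other byte in a capture, so the parser compares it with the bytes actually present before the payload is passed on, and rejects enum values the mac-lte side does not know.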
- Follow-Ups:
- Re: [Wireshark-users] C++ program using"editcap"
- From: Guy Harris
- Re: [Wireshark-users] C++ program using"editcap"