Wireshark-users: [Wireshark-users] [Fwd: question format libcap X wireshark

From: "Zuleika Ferreira" <zuleika@xxxxxxxxxxxx>
Date: Mon, 11 Jan 2010 11:20:37 -0200 (BRST)
hi,
help me please!

i am writing the program for to write the file .pcap and to read with
wireshark, but when I try to open the file apreset the message: The file
"C:\dev\API\features\ss7.vargas\K3L\zupcaplog.pcap" is a capture for a
network type that Wireshark doesn't support.
(pcap: network type 43 unknown or unsupported).

The program is simple, is a test, and i dont understand why is the
problem. I used for network the type WTAP_ENCAP_MTP3 because the write in
this protocol.

===========================

/* Global Header Data */
#define MAGIC_NUMBER		0xa1b2c3d4
#define CURRENT_PCAP_MAJOR	2
#define CURRENT_PCAP_MINOR	4
#define	ZONE_GMT		0
#define WTAP_ENCAP_MTP3 43

typedef unsigned int guint32;
typedef unsigned short guint16;
typedef signed int gint32;

typedef struct pcap_hdr_s {
  guint32   magic_number;  	/* magic number */
  guint16 version_major; /* major version number */
  guint16 version_minor; /* minor version number */


  gint32  thiszone;       		/* GMT to local correction */
  guint32 sigfigs;        	/* accuracy of timestamps */
  guint32 snaplen;        	/* max length of captured packets, in octets */
  guint32 network;        	/* data link type */
} pcap_hdr_t;

/* Record Header Data */
typedef struct pcaprec_hdr_s {
  guint32 ts_sec;         /* timestamp seconds */
  guint32 ts_usec;        /* timestamp microseconds */
  guint32 incl_len;       /* number of octets of packet saved in file */
  guint32 orig_len;       /* actual length of packet */
} pcaprec_hdr_t;



KLoggerPCAP::KLoggerPCAP(const char* filename){
    file = fopen(filename, "a");
    //if (file == NULL)
      //  return runtime_error("[ERROR] opening file");

    /* Write Global Header */
    pcap_hdr_t header;
    header.magic_number = MAGIC_NUMBER;
    header.version_major = CURRENT_PCAP_MAJOR;
    header.version_minor = CURRENT_PCAP_MINOR;
    header.thiszone = ZONE_GMT;
    header.sigfigs = 0;
    header.snaplen = 0xFFFF;
    header.network = WTAP_ENCAP_MTP3; /*See:
http://anonsvn.wireshark.org/wireshark/trunk/wiretap/libpcap.c */
    writePCAP(&header, sizeof(pcap_hdr_t));
}

void KLoggerPCAP::writePCAP(const void* buffer, const size_t len){
    int aux;
    if (fwrite(buffer, len, 1, file) != 1)
    {
        aux =1; //test
    }
    else
    {
        aux =2; //test
    }
}

void KLoggerPCAP::log_packet(const unsigned char* data, const size_t len){
    unsigned int sec, usec;

#ifdef WIN32
    struct _timeb timebuffer;
    _ftime(&timebuffer);
    sec = (unsigned int)timebuffer.time;
    usec = ((unsigned int)timebuffer.millitm) * 1000;
#else
  struct timeval time;
  gettimeofday(&time, NULL);
  sec = time.tv_sec;
  usec = time.tv_usec;
#endif

    pcaprec_hdr_t recHeader;
    recHeader.ts_sec  = sec;
    recHeader.ts_usec = usec;
    recHeader.incl_len = len;
    recHeader.orig_len = len;
    writePCAP(&recHeader, sizeof(pcaprec_hdr_t));
    writePCAP(data, len);
}

KLoggerPCAP::~KLoggerPCAP() {
  if (file != NULL)
    fclose(file);
}

===========================


Zuleika O. Ferreira
desenvolvimento                               KHOMP


R. Joe Colla�o, 163                     www.khomp.com.br
Florian�polis | SC
+55 48 3722-2946
zuleika@xxxxxxxxxxxx



Zuleika O. Ferreira
desenvolvimento                               KHOMP


R. Joe Colla�o, 163                     www.khomp.com.br
Florian�polis | SC
+55 48 3722-2946
zuleika@xxxxxxxxxxxx