Wireshark mailing list archives

Re: Help importing custom data to libpcap file??


From: Alex Lindberg <alindber () yahoo com>
Date: Fri, 24 Sep 2010 15:38:32 -0700 (PDT)

My intent is to import some detailed logging data into a libpcap file, then create Wireshark dissectors to evaluate the log data.

The log data is composed of ASCII hex values that represent various types of messages. These messages are taken from the data, control and packet bus of our equipment. Each of these messages has a well-defined, bit-oriented structure that can be mapped into the first few layers of the OSI stack (datalink, network, transport and session). I want to use Wireshark as my decoding platform.

Thus I need to read an ASCII file containing time stamp information and the ASCII hex version of these messages and create a libpcap file so they can be read by Wireshark and my custom dissectors.

I have created a number of custom dissectors for our custom IP packets and I want to extend these dissectors to cover these messages in the log files.

Any guidance you could provide would be very helpful.

Alex Lindberg

--- On Fri, 9/24/10, Guy Harris <guy () alum mit edu> wrote:

From: Guy Harris <guy () alum mit edu>
Subject: Re: [Wireshark-dev] Help importing custom data to libpcap file??
To: "Developer support list for Wireshark" <wireshark-dev () wireshark org>
Date: Friday, September 24, 2010, 4:46 PM


On Sep 24, 2010, at 2:43 PM, Alex Lindberg wrote:

I would like to create a libpcap-formatted file based on custom data formats, NOT from a live capture stream.  I will also build custom dissectors for this data and use a user-defined packet type.

Any suggestions?

My first suggestion would be to think whether you need a libpcap-formatted file.  If the custom data format isn't a 
form of protocol traffic, it's not necessarily what you want.

What type of data is the custom data?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
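
The conversion asked about in this thread, as an added example that is not part of the original messages: a converter from a timestamped ASCII-hex log to a classic libpcap file using a user-defined link type. The log layout (`<epoch>.<microseconds> <hex bytes>`), the sample records and the function names are assumptions; malformed records are rejected and reported rather than written.

```python
import io
import struct

LINKTYPE_USER0 = 147   # first user-defined link type (USER0..USER15 = 147..162)
SNAPLEN = 65535

# Constructed sample log; the "<epoch>.<microseconds> <hex bytes>" layout is an assumption.
SAMPLE_LOG = """\
1285367912.000250 01 0a ff 10
1285367912.001000 02 0b 00
# comment and blank lines are skipped

1285367912.002000 03 zz 00
1285367912.003000 040c
"""

def parse_line(line):
    """Return (sec, usec, payload) or raise ValueError for a malformed record."""
    stamp, _, hexpart = line.strip().partition(" ")
    sec, _, frac = stamp.partition(".")
    if not sec.isdigit() or int(sec) > 0xFFFFFFFF or (frac and not frac.isdigit()):
        raise ValueError("bad timestamp")
    usec = int((frac + "000000")[:6])      # pad or truncate to microseconds
    payload = bytes.fromhex(hexpart)       # ValueError on non-hex or odd length
    if not payload or len(payload) > SNAPLEN:
        raise ValueError("bad payload length")
    return int(sec), usec, payload

def log_to_pcap(text, out, linktype=LINKTYPE_USER0):
    """Write a little-endian pcap to `out`; return (written, rejected line numbers)."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, SNAPLEN, linktype))
    written, rejected = 0, []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            sec, usec, payload = parse_line(line)
        except ValueError:
            rejected.append(lineno)        # keep a trail of what was dropped
            continue
        # Record header: ts_sec, ts_usec, captured length, original length.
        out.write(struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload)
        written += 1
    return written, rejected

def convert_sample():
    buf = io.BytesIO()
    written, rejected = log_to_pcap(SAMPLE_LOG, buf)
    return buf.getvalue(), written, rejected
```

Writing the returned bytes to a file gives a capture that Wireshark opens; the DLT_USER protocol preferences then map link type 147 to a custom dissector.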



      
