Wireshark mailing list archives
Re: saving data in pcap file format
From: Lange Jan-Erik <Jan-Erik.Lange () haw-hamburg de>
Date: Mon, 11 Oct 2010 15:21:32 +0200
Ok, in the documentation of winpcap I found the function pcap_dump_open(). It opens a file for another function ...loop() with captures packet and saves it in this file. But I have to open the file and have to write my data in this file.. not captureing it with this loop() function. It is possible to insert my data into a struct and then save this structure into a .pcap file? I need the "low-level" description of this file format. It should be possible to implement an own easy function to save the data. ________________________________________ Von: wireshark-dev-bounces () wireshark org [wireshark-dev-bounces () wireshark org] im Auftrag von Gregory Seidman [gsslist+wireshark () anthropohedron net] Gesendet: Montag, 11. Oktober 2010 13:53 An: wireshark-dev () wireshark org Betreff: Re: [Wireshark-dev] saving data in pcap file format On Mon, Oct 11, 2010 at 01:35:17PM +0200, Lange Jan-Erik wrote:
Hello, I want to analyze an usb datastream with wireshark. To record the data I use a proprietary development that uses libusb to receive the data. Ok, to analyze the data I want to use wireshark. Is there a way to save the recorded data as a *.pcap File? Is there a library I could use to write the data into a file? Can you an recommend overview about this file format? When I have this pcap file I would create a dissector plugin to dissect the data according to my protocoll.
You are looking for libpcap (or WinPcap on Windows). Works like a charm, and has lots of language bindings (I've used it with Ruby).
Best regards Jan
--Greg ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- saving data in pcap file format Lange Jan-Erik (Oct 11)
- Re: saving data in pcap file format Gregory Seidman (Oct 11)
- Re: saving data in pcap file format Lange Jan-Erik (Oct 11)
- Re: saving data in pcap file format Andy Lawman (Oct 11)
- Re: saving data in pcap file format Guy Harris (Oct 11)
- Re: saving data in pcap file format Guy Harris (Oct 11)
- Re: saving data in pcap file format Lange Jan-Erik (Oct 11)
- Re: saving data in pcap file format Gregory Seidman (Oct 11)
- Re: saving data in pcap file format Jeff Morriss (Oct 11)
- Re: saving data in pcap file format Chris Maynard (Oct 11)
- Re: saving data in pcap file format Lange Jan-Erik (Oct 11)
- Re: saving data in pcap file format Lange Jan-Erik (Oct 11)
- Re: saving data in pcap file format Chris Maynard (Oct 11)
- Re: saving data in pcap file format Lange Jan-Erik (Oct 11)