Re: How to read a .cap file

[Gilbert Ramirez <gram () alumni rice edu>]

You could use libpcap to read the file.
http://www.tcpdump.org/

I suppose you could even use the wiretap libary (part of the wireshark
distribution) to read it.

Or, you can use tshark -Tpdml to dissect the cap file and output XML, which
you can then parse.

See doc/README.xml-output in the wireshark distro. Also,
tools/WiresharkXML.py is a python library to read that pdml (xml) output.

Gilbert


On Fri, Feb 1, 2013 at 5:18 AM, José Roberto Bolognani <zebetao () gmail com>wrote:

> Hi all.
>
> I need to read inside the cap file but I need to know how.
>
> The situation is: My application is sending 5 requests (5 connections) per
> second and inside this requests there are a limit of items (108 in total),
> but sometimes there is situations where it goes over than 5 connections and
> consequently more than 108 items.
>
> I need to read this .caps collected from wireshark in a new app to summary
> this specific seconds where have more than 108 items per second.
>
> The point is how to read the cap files out of Wireshark and be possible to
> know the time it has left the network and read the package insisde.
>
> Can you guys help me?
>
> Thanks in advance.
>
> --
> José Roberto Bolognani
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe