Wireshark mailing list archives

Re: Importing raw application protocol data with Wireshark

From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Fri, 15 Sep 2017 08:18:34 +0200

... or “Import from Hex Dump” in Wireshark itself (it’s basically the same thing).

On 14 Sep 2017, at 15:53, Abhik Sarkar <sarkar.abhik () gmail com> wrote:

text2pcap might help, provider the application layer itself has a dissector in Wireshark. 

From https://www.wireshark.org/docs/wsug_html/#AppToolstext2pcap 
<https://www.wireshark.org/docs/wsug_html/#AppToolstext2pcap>:
"text2pcap also allows the user to read in dumps of application-level data, by inserting dummy L2, L3 and L4 headers 
before each packet..."

See also: https://wiki.wireshark.org/HowToDissectAnything <https://wiki.wireshark.org/HowToDissectAnything>.

On 14 September 2017 at 15:28, Jack Guest <anonimusul () gmail com <mailto:anonimusul () gmail com>> wrote:
Hi,

Is there any straightforward way of importing from a file
application-layer protocol data that lacks transport headers (i.e
lacks link-layer, internet-layer and transport-layer headers) in order
to be able to use an existing Wireshark protocol dissector to view and
analyze the application protocol raw data?


If not, what would it take to add such feature to Wireshark or the other tools?

Thanks,
Jack
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org <mailto:wireshark-users () wireshark org>>
Archives:    https://www.wireshark.org/lists/wireshark-users <https://www.wireshark.org/lists/wireshark-users>
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users 
<https://www.wireshark.org/mailman/options/wireshark-users>
             mailto:wireshark-users-request () wireshark org <mailto:wireshark-users-request () wireshark 
org>?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Importing raw application protocol data with Wireshark Jack Guest (Sep 14)
- Re: Importing raw application protocol data with Wireshark Ahmad Fatoum (Sep 14)
- Re: Importing raw application protocol data with Wireshark Abhik Sarkar (Sep 14)
  - Re: Importing raw application protocol data with Wireshark Jaap Keuter (Sep 14)
- Re: Importing raw application protocol data with Wireshark Jeff Morriss (Sep 14)