Wireshark-dev: Re: [Wireshark-dev] HELP! - text file in GUI


From: "Gilbert Ramirez" <gram@xxxxxxxxxxxxxxx>
Date: Tue, 1 Aug 2006 13:33:56 -0700

Yes, you could treat any arbitrary piece of data as "packet" data and
have a dissector put it into the wireshark GUI.

Where the fake protocol should go in the protocol stack is entirely up to you.

You could make it a "link layer", and have wiretap understand it as
its own special file format, and to pass it as a new link layer to
wireshark.

Or, as you suggest, you could put some fake headers before the data
and have wireshark pass it as a regular pcap file.

In either case, you will need to write a new dissector to handle your
fake protocol.

--gilbert

On 8/1/06, Priyanka Kamath <priyankakamath@xxxxxxxxx> wrote:

Hi All,

I am planning to display a text file which contains some relevant
information in the Wireshark GUI.
My text file contains parameters as below:

Mobile Number
Source
Destination
Time
Event Type

I am trying to convert this to the pcap format by adding the pcap headers,
record headers and dummy Ethernet, IP and UDP headers in front of the text
content. Is this possible?
Also, if I write a dissector to read the text fields, will it get displayed
correctly in the GUI?

Thanks a lot!

--
Regards,
Priyanka
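
The conversion discussed in this thread (pcap file header, per-record headers, and dummy Ethernet, IP and UDP headers in front of each text record), as an added example that is not code from either poster or from the Wireshark project. The comma-separated record layout, the addresses, UDP port 50000, the start timestamp and the sample values are assumptions constructed for illustration.

```python
import struct

LINKTYPE_ETHERNET = 1   # pcap link-layer type for Ethernet
FAKE_UDP_PORT = 50000   # assumed port a custom dissector would register on

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement checksum over a 20-byte IPv4 header (RFC 1071)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def wrap_record(payload: bytes) -> bytes:
    """Prefix one text record with dummy Ethernet, IPv4 and UDP headers."""
    if len(payload) > 65507:  # largest payload that fits in one IPv4/UDP datagram
        raise ValueError("record too large for a single UDP datagram")
    # UDP: source port, destination port, length, checksum (0 = not computed)
    udp = struct.pack("!HHHH", FAKE_UDP_PORT, FAKE_UDP_PORT, 8 + len(payload), 0)
    # IPv4: version/IHL, TOS, total length, id, flags, TTL, protocol 17 (UDP),
    # checksum placeholder, documentation addresses 192.0.2.1 -> 192.0.2.2
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Ethernet: locally administered dummy MACs, EtherType 0x0800 (IPv4)
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + udp + payload

def build_pcap(records, start_ts=1154464436):  # constructed start time (epoch seconds)
    """Return pcap file bytes holding one frame per text record."""
    # Global header: magic, version 2.4, timezone offset, sigfigs, snaplen, link type
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET)
    for i, rec in enumerate(records):
        frame = wrap_record(rec.encode("utf-8"))
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", start_ts + i, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample records: mobile number, source, destination, time, event type
SAMPLE = [
    "15550100,node-a,node-b,13:33:56,ATTACH",
    "15550101,node-b,node-a,13:33:57,DETACH",
]

if __name__ == "__main__":
    with open("records.pcap", "wb") as fh:
        fh.write(build_pcap(SAMPLE))
```

Until a dissector is registered for the chosen UDP port, the text of each record appears only as undecoded UDP payload bytes when the resulting file is opened.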