Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-dev: Re: [Wireshark-dev] develop a tool to parse captured file

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Tue, 3 Jul 2007 11:00:24 +0400

Hello Yefim,

For the Ethereal native file format (libpcap/WindPcap), this is a starting point: http://wiki.wireshark.org/Development/LibpcapFileFormat

Alternately, you could convert the captures to PDML format (an XML based format) which would make the packets easier to process (as in simpler code), but generate tons of data.

Hope this helps.

Good luck!
Abhik.

On 7/3/07, Yefim Rozenkrants <yrozenkrants@xxxxxxxxxxxxxxx> wrote:

I need to extract from capture file ( saved with ethereal) packet streams to different computers in the local network. Therefore I need to parse the capture file. I would like to get an advice how to start this project. What is the capture file structure and where I can find it. The development will be in windows environment (visual studio 2005).

Any advice will be kindly appreciated

Thanks Yefim

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

References:
- [Wireshark-dev] develop a tool to parse captured file
  - From: Yefim Rozenkrants

Prev by Date: Re: [Wireshark-dev] develop a tool to parse captured file
Next by Date: Re: [Wireshark-dev] Windows build crashing
Previous by thread: Re: [Wireshark-dev] develop a tool to parse captured file
Next by thread: [Wireshark-dev] how to disable dissectors when I build TShark ?
Index(es):
- Date
- Thread