
Wireshark-dev: Re: [Wireshark-dev] wslua: reading raw file?

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Wed, 9 Apr 2008 19:30:03 +0200
So, that's not called a dissector but a file format.

And NO, Lua cannot be used to describe file formats. That would have
been simply sluggish (at least the attempt I gave to it, besides being
an ugly hack, was simply unusable).

If the file format is of general interest, it would probably be better
written in C anyway. In the other case the best solution is to write a
script to convert those files into libpcap format, and use one of the
USER_DLTs.

Luis

On Wed, Apr 9, 2008 at 7:00 PM, Németh Márton <nm127@xxxxxxxxxxx> wrote:
> Guy Harris wrote:
>  > Németh Márton wrote:
>  >
>  >> I started to use wslua and succeeded in writing a simple dissector on
>  >> ethernet level. I created a .pcap header and copied my raw file after
>  >> it.
>  >>
>  >> Is it possible using wslua to open a raw file which is not supported
>  >> by Wireshark, yet?
>  >
>  > Creating a libpcap-format file header and writing after it packets that
>  > don't have libpcap-format packet headers is a waste of time; if you want
>  > to write a file that programs that read libpcap format can read, put the
>  > libpcap-format file header at the beginning of the file and then put
>  > libpcap-format packet headers in front of the packet data for each
>  > packet, and if you just want a raw file, just write out the raw file
>  > without the libpcap-format headers - without libpcap-format per-packet
>  > headers, the libpcap-format file header won't help you.
>
>  I don't really understand your point, maybe I did not describe well what
>  I would like to do. I would like to write a dissector which is similar to
>  how Wireshark can open .mp3 files. The .mp3 files don't have libpcap headers
>  at all, but Wireshark can handle them.
>
>  My question is: is it possible to create a dissector which reads a
>  raw file without libpcap header?
>
>         Márton Németh
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
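
Added example, not part of the original message or of Wireshark's code: a conversion script of the kind suggested above, writing the libpcap file header and then a libpcap per-packet header in front of each record, with the link type set to DLT_USER0 (147). The raw layout (a 2-byte big-endian length before each record), the synthesized timestamps and all function names are assumptions made for illustration.

```python
import io
import struct

LINKTYPE_USER0 = 147          # DLT_USER0; USER0..USER15 are 147..162
PCAP_MAGIC = 0xA1B2C3D4       # microsecond-resolution libpcap file
MAX_RECORD = 65535            # snaplen written to the file header

def split_records(raw):
    """Split the ASSUMED raw layout: 2-byte big-endian length, then payload."""
    records, pos = [], 0
    while pos < len(raw):
        if pos + 2 > len(raw):
            raise ValueError("truncated length prefix at offset %d" % pos)
        (length,) = struct.unpack_from(">H", raw, pos)
        pos += 2
        if pos + length > len(raw):
            raise ValueError("record at offset %d runs past end of file" % (pos - 2))
        records.append(raw[pos:pos + length])
        pos += length
    return records

def write_pcap(out, records, linktype=LINKTYPE_USER0, start_sec=0):
    """Write the libpcap file header, then one per-packet header per record."""
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, MAX_RECORD, linktype))
    for i, payload in enumerate(records):
        # The raw file carries no timestamps, so synthesize one per record.
        out.write(struct.pack("<IIII", start_sec + i, 0, len(payload), len(payload)))
        out.write(payload)

def read_pcap(data):
    """Parse the file back to (linktype, [payloads]) to check the conversion."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file")
    pos, payloads = 24, []
    while pos < len(data):
        _sec, _usec, incl, _orig = struct.unpack_from("<IIII", data, pos)
        payloads.append(data[pos + 16:pos + 16 + incl])
        pos += 16 + incl
    return linktype, payloads

def convert(raw):
    """Convert raw bytes in the assumed layout to a complete libpcap file."""
    buf = io.BytesIO()
    write_pcap(buf, split_records(raw))
    return buf.getvalue()

# Constructed sample input: two records, 3 and 2 bytes long.
SAMPLE_RAW = b"\x00\x03abc\x00\x02\x01\x02"
```

Malformed input (a length prefix that runs past the end of the file) is rejected rather than written out as a short packet.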