Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] decoding packet data payload?
From: Malcolm Herbert <mjch@xxxxxxxx>
Date: Mon, 5 May 2008 22:54:36 +1000
On Sun, May 04, 2008 at 11:03:54PM -0700, Guy Harris wrote: |Malcolm Herbert wrote: |> In this case it seems that there's a 1:1 relationship between HDLC frame |> and TCP packet, | |If, for any protocol running atop TCP, there is a 1:1 relationship |between a TCP segment and a packet for that protocol, it should be |assumed to be the result of pure luck understood ... it just seems to be the way it's implemented in userppp from looking at the packet traces ... |> actually this seems to be the most feasible - I already have most of the |> code to do this bit already. Is there any documentation to tell me what |> format Wireshark expects data to be in on stdin? | |libpcap format - either use pcap_dump_open() and pcap_dump() in libpcap, |or see | | http://wiki.wireshark.org/Development/LibpcapFileFormat excellent ... ta -- Malcolm Herbert This brain intentionally mjch@xxxxxxxx left blank
- References:
- [Wireshark-users] decoding packet data payload?
- From: Malcolm Herbert
- Re: [Wireshark-users] decoding packet data payload?
- From: Guy Harris
- Re: [Wireshark-users] decoding packet data payload?
- From: Malcolm Herbert
- Re: [Wireshark-users] decoding packet data payload?
- From: Guy Harris
- [Wireshark-users] decoding packet data payload?
- Prev by Date: Re: [Wireshark-users] decoding packet data payload?
- Next by Date: Re: [Wireshark-users] Capture hardware
- Previous by thread: Re: [Wireshark-users] decoding packet data payload?
- Next by thread: Re: [Wireshark-users] Question Regarding Capture Interpretation
- Index(es):