Wireshark · Ethereal-users: Re: [Ethereal-users] Accessing libpcap file contents

Ethereal-users: Re: [Ethereal-users] Accessing libpcap file contents

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Thu, 02 Dec 2004 03:00:15 -0800

Mina sina wrote:

I want to access contents of a libpcap file for the purpose of runningqueries of my own interest which are not supported by Ethereal. What youguys can suggest for me to do so. What environment will be good for it.


What kind of queries are you doing?

Some programs might exist that can read libpcap files and do what you'retrying to do, depending on what you're trying to do.

Otherwise, you'll either have to write your own program to read thefile, or modify Ethereal to support it, for example by adding a tap.

Writing your own program might require a lot of work, as all libpcapwill do for you will be to read the file and packet headers, and giveyou, for each packet, a time stamp, a captured data length, a raw datalength, and the raw packet data (the number of bytes being the captureddata length) - you'll have to do all the dissection of the raw packetdata yourself.

References:
- [Ethereal-users] Accessing libpcap file contents
  - From: Mina sina

Prev by Date: Re: [Ethereal-users] Gbps ethereal functionality check
Next by Date: RE: [Ethereal-users] Gbps ethereal functionality check
Previous by thread: [Ethereal-users] Accessing libpcap file contents
Next by thread: [Ethereal-users] Are There any Bandwidth Limts for Ethereal ?!
Index(es):
- Date
- Thread