Wireshark-dev: Re: [Wireshark-dev] Human Readable and Reversible (XML output?)
From: Jaap Keuter <[email protected]>
Date: Wed, 15 Nov 2006 08:10:07 +0100 (CET)

How about:
 tshark -x > capture.txt
 security review
 text2pcap capture.txt capture.pcap

With the loss of timestamp info though.


On Tue, 14 Nov 2006, frap puccino wrote:

> I work for the Navy and because some of our lab captures are done in a
> secret/classified environment, in order to remove the traces from the lab,
> we need to make them human readable to assure security officials that
> there isn't secret data hidden in the traces.  Although we could provide
> "tcpdump -w" output, the problem we have is that we'd still like to be able
> to use analyzer tools that require libpcap format data after the data leaves
> the secret/classified lab.  So we are looking into ways to translate libpcap
> binary outputs to readable text then back to libpcap binary format.
> We were hoping someone has already written a utility that would translate
> libpcap output into something human readable, such as xml, and perhaps there
> would then be a capability to translate it back to libpcap format too.  If
> anyone has heard about something out there that does this, please let us
> know.
> Any feedback on other ideas to make this work would be appreciated.
> Thanks for your help.
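
The round trip suggested in the reply above, as an added Python example (not code from the thread or from Wireshark): packets are rendered as offset / hex / ASCII text for review, parsed back, and written to a libpcap file with zeroed timestamps, since the dump carries none. The function names, the strict offset check and the sample frames are assumptions of this example.

```python
import re
import struct

# offset, then up to 16 space-separated hex bytes; the ASCII column is ignored
LINE = re.compile(r"^([0-9a-fA-F]{4,})\s+((?:[0-9a-fA-F]{2} ){0,15}[0-9a-fA-F]{2})(?:\s|$)")

def hexdump(packet):
    """Render one packet as offset / hex / ASCII lines, 16 bytes per line."""
    lines = []
    for off in range(0, len(packet), 16):
        chunk = packet[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<47}   {text}")
    return "\n".join(lines)

def parse_hexdump(text):
    """Rebuild packets from the reviewed text; offset 0000 starts a new packet."""
    packets, current = [], bytearray()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank lines and anything that is not a dump line
        offset = int(m.group(1), 16)
        if offset == 0 and current:
            packets.append(bytes(current))
            current = bytearray()
        if offset != len(current):
            raise ValueError(f"gap or edit in dump at offset {offset:04x}")
        current += bytes.fromhex(m.group(2))
    if current:
        packets.append(bytes(current))
    return packets

def write_pcap(packets, linktype=1):
    """Classic libpcap file; timestamps are 0 because the dump carries none."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for p in packets:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

def read_pcap(blob):
    """Return (ts_sec, ts_usec, data) for every record in a little-endian pcap."""
    pos, records = 24, []
    while pos < len(blob):
        sec, usec, incl, _ = struct.unpack_from("<IIII", blob, pos)
        records.append((sec, usec, blob[pos + 16:pos + 16 + incl]))
        pos += 16 + incl
    return records

# Constructed sample frames (Ethernet header + payload), not from a real capture
SAMPLE = [bytes.fromhex("ffffffffffff0011223344550800") + b"de ad be ef in ASCII",
          bytes(range(60))]
```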