
Wireshark-dev: [Wireshark-dev] Using Wireshark packet parsers and pretty printers

From: Ulisses Araújo Costa <ulissesaraujocosta@xxxxxxxxx>
Date: Mon, 9 Mar 2009 20:14:40 +0000
Hello,

I'm doing a project where I need to parse some packets (HTTP and some
protocols for databases).
I started doing this using the tcpdump library, and after that started to
parse all the nested packets like this:

Ethernet -> TCP/UDP -> IPv4/IPv6 -> Application packet

I've done part of this job using the Haskell programming language; the
problem is to start obtaining information about the relation of the
packets (like temporal relation, or others). I see that Wireshark
already does that job. And in fact it parses all the data from one packet,
and has a great pretty printer.

I started to read the manuals for developers, and unfortunately did not find
anything that really helps me.

My question is: Could you show me a simple program that takes an
input tcpdump file (could also be in online mode), and just returns the
structure of the parsed packets?

Thank you,


-- 
Ulisses Costa - http://caos.di.uminho.pt/~ulisses/
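
The kind of program the message asks for, as an added example that is not part of the original post and does not use Wireshark's own dissectors: a stand-alone Python reader for classic libpcap files that returns each frame's timestamp and nested layers. The function names are hypothetical, and the capture built by `sample_pcap()` is constructed for the example (its checksums are zero and are not verified).

```python
import struct

def read_pcap(data):
    """Yield (timestamp, frame) for each record of a classic libpcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type (1) is handled")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(endian + "4I", data[off:off + 16])
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def dissect(frame):
    """Return the nested layers of one frame as [(name, fields), ...]."""
    if len(frame) < 14:
        return []
    etype = struct.unpack("!H", frame[12:14])[0]
    layers = [("eth", {"dst": frame[:6].hex(), "src": frame[6:12].hex(), "type": etype})]
    ip = frame[14:]
    if etype != 0x0800 or len(ip) < 20 or (ip[0] & 0x0F) < 5:
        return layers                      # IPv6, ARP or truncated: stop here
    ihl, total, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    addr = lambda b: ".".join(map(str, b))
    layers.append(("ipv4", {"src": addr(ip[12:16]), "dst": addr(ip[16:20]), "proto": proto}))
    seg = ip[ihl:total]                    # total length trims Ethernet padding
    name, hdr = {6: ("tcp", 20), 17: ("udp", 8)}.get(proto, (None, 0))
    if name is None or len(seg) < hdr:
        return layers
    sport, dport = struct.unpack("!HH", seg[:4])
    layers.append((name, {"sport": sport, "dport": dport}))
    payload = seg[(seg[12] >> 4) * 4:] if name == "tcp" else seg[8:]
    line = payload.split(b"\r\n", 1)[0]
    if line.startswith(b"HTTP/") or line.endswith((b" HTTP/1.0", b" HTTP/1.1")):
        layers.append(("http", {"start_line": line.decode("ascii", "replace")}))
    elif payload:
        layers.append(("data", {"len": len(payload)}))
    return layers

def sample_pcap():
    """Constructed capture: one Ethernet/IPv4/TCP frame carrying an HTTP request."""
    http = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + http
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + tcp
    frame = bytes(6) + bytes([2, 0, 0, 0, 0, 1]) + b"\x08\x00" + ip
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + struct.pack("<4I", 1236629680, 0, len(frame), len(frame)) + frame
```

Evaluating `[(ts, dissect(f)) for ts, f in read_pcap(sample_pcap())]` gives one entry whose layers are eth, ipv4, tcp and http; the timestamps yielded by `read_pcap` are what a temporal relation between packets would be computed from.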