Wireshark-dev: [Wireshark-dev] convert ASCII files to Pcap files whithout using Text2pcap
From: "SOLTANI FATEN" <Faten.Soltani@xxxxxxxxxxxxxxxxxx>
Date: Tue, 17 Mar 2009 09:36:52 +0100
Hi everybody I want to convert an ASCII file to Pcap file, without using Text2pcap, for example using Perl or another tool. I am open to any proposal Best regards -----Message d'origine----- De : wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] De la part de wireshark-dev-request@xxxxxxxxxxxxx Envoyé : mardi 17 mars 2009 00:30 À : wireshark-dev@xxxxxxxxxxxxx Objet : Wireshark-dev Digest, Vol 34, Issue 31 Send Wireshark-dev mailing list submissions to wireshark-dev@xxxxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit https://wireshark.org/mailman/listinfo/wireshark-dev or, via email, send a message with subject or body 'help' to wireshark-dev-request@xxxxxxxxxxxxx You can reach the person managing the list at wireshark-dev-owner@xxxxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-dev digest..." Today's Topics: 1. buildbot failure in Wireshark (development) on OSX-10.5-ppc (buildbot-no-reply@xxxxxxxxxxxxx) 2. Re: Using Wireshark packet parsers and pretty printers (Ulisses Ara?jo Costa) 3. Re: Hello to the list and a nested dissector (Gaetano Vocca) 4. buildbot failure in Wireshark (development) on Solaris-10-SPARC (buildbot-no-reply@xxxxxxxxxxxxx) 5. buildbot failure in Wireshark (development) on Ubuntu-7.10-x86-64 (buildbot-no-reply@xxxxxxxxxxxxx) 6. buildbot failure in Wireshark (development) on OSX-10.5-x86 (buildbot-no-reply@xxxxxxxxxxxxx) 7. Re: [Wireshark-commits] rev 27748: /trunk/plugins/profinet/ /trunk/plugins/profinet/: Makefile.common crc16.c crc16.h moduleinfo.h moduleinfo.nmake packet-dcerpc-pn-io.c packet-pn-rt.c (Joerg Mayer) 8. Re: [Wireshark-commits] rev 27748:/trunk/plugins/profinet/ /trunk/plugins/profinet/:Makefile.common crc16.c crc16.h moduleinfo.h moduleinfo.nmakepacket-dcerpc-pn-io.c packet-pn-rt.c (Anders Broman) 9. buildbot failure in Wireshark (development) on OSX-10.5-ppc (buildbot-no-reply@xxxxxxxxxxxxx) 10. Re: [Wireshark-commits] rev 27748: /trunk/plugins/profinet/ /trunk/plugins/profinet/: Makefile.common crc16.c crc16.h moduleinfo.h moduleinfo.nmake packet-dcerpc-pn-io.c packet-pn-rt.c (Guy Harris) 11. Re: [Wireshark-commits] rev 27748: /trunk/plugins/profinet/ /trunk/plugins/profinet/: Makefile.common crc16.c crc16.h moduleinfo.h moduleinfo.nmake packet-dcerpc-pn-io.c packet-pn-rt.c (Ulf Lamping) ---------------------------------------------------------------------- Message: 1 Date: Mon, 16 Mar 2009 12:05:57 -0700 From: buildbot-no-reply@xxxxxxxxxxxxx Subject: [Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-ppc To: wireshark-dev@xxxxxxxxxxxxx Message-ID: <20090316190557.78821A8903@xxxxxxxxxxxxxxxxxx> The Buildbot has detected a new failure of OSX-10.5-ppc on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/OSX-10.5-ppc/builds/709 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: osx-10.5-ppc Build Reason: Build Source Stamp: HEAD Blamelist: etxrab BUILD FAILED: failed compile sincerely, -The Buildbot ------------------------------ Message: 2 Date: Mon, 16 Mar 2009 19:44:00 +0000 From: Ulisses Ara?jo Costa <ulissesaraujocosta@xxxxxxxxx> Subject: Re: [Wireshark-dev] Using Wireshark packet parsers and pretty printers To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> Message-ID: <f14391bc0903161244n6b708395rb6cad199d71bbf1@xxxxxxxxxxxxxx> Content-Type: text/plain; charset=ISO-8859-1 Thank you for your answers. For now I will start to use the PDML file. Later on I will try to do it using the Wireshark API. On Tue, Mar 10, 2009 at 01:27, Guy Harris <guy@xxxxxxxxxxxx> wrote: > > On Mar 9, 2009, at 5:27 PM, Richard Sharpe wrote: > >> At each layer it extracts the fields it needs and puts them into the >> protocol tree or the columns, however, there is no library that allows >> you to parse a packet and then say: >> >> ? give me the value of the field tcp.flags or smb.fid or so forth >> >> Ethereal is not organized that way. > > Well, not *entirely* true, but it's not as if there's some library > that lets you do that *conveniently*. > > In reasonably recent versions of Ethereal - and thus in all versions > of Wireshark, as the "epan" library was created before the program was > renamed from Ethereal to Wireshark - the library (called "libethereal" > in Ethereal, and "libwireshark" in Wireshark) has routines: > > ? ? ? ?epan_init() - initializes the library; > > ? ? ? ?epan_dissect_new() - allocates an epan_dissect_t structure to hold > the context of a dissection, and returns a pointer to it; > > ? ? ? ?epan_dissect_prime_dfilter() - tells the library which fields you'll > need to look at (although the API is *really* oriented towards > "display filters" so you can't just do it by giving it the names of > the fields); > > ? ? ? ?epan_dissect_run() - hand it an epan_dissect_t, the pseudo-header for > the packet as returned by *another* Wireshark library (libwiretap), > the raw packet data for the packet (as returned by libwiretap), and > some other information; > > ? ? ? ?epan_dissect_free() - releases the epan_dissect_t when you're done > with the dissection and have extracted the information you want from > the result. > > The values of the fields can be found by looking in the protocol tree > pointed to by the "tree" member of the epan_dissect_t; you'd have to > walk through the tree looking for instances of the fields. > > As one can tell from the number of places where I just waved my hands > rather than giving details, this is rather complicated. ?The library > was *not* designed to be used by arbitrary applications, so the API is > somewhat oriented towards its use in Wireshark and TShark. > > And, just to add to the complication, I didn't mention that Wireshark > dissector maintain state between packets, which they might require in > order to properly dissect packets, so somebody would want to use > libwiretap to read an entire capture file, calling epan_dissect_new()/ > epan_dissect_prime_dfilter()/epan_dissect_run()/epan_dissect_free() on > each of the packets. > > So I'm not sure it's possible to have a "simple" program that uses > it. ?It might be easier to have TShark read the capture file and > produce a version of the protocol tree as PDML, and have the program > read the PDML file, as Stephen Donnelly suggested. > ___________________________________________________________________________ > Sent via: ? ?Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx> > Archives: ? ?http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > ? ? ? ? ? ? mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe > -- Ulisses Costa - http://caos.di.uminho.pt/~ulisses/ ------------------------------ Message: 3 Date: Mon, 16 Mar 2009 20:50:25 +0100 From: Gaetano Vocca <yagvoc-web@xxxxxxxx> Subject: Re: [Wireshark-dev] Hello to the list and a nested dissector To: wireshark-dev@xxxxxxxxxxxxx Message-ID: <DD95D8EA-EFD1-4BC4-B56E-8CB46BA2CCA8@xxxxxxxx> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Thank you Anders for your answer. I have already parsed the asn by means of asn2wrs, I have also developed the dissection of the header, afterwards I use the call_tcap_dissector function from the asn1/tcap dissector to have the TCAP layer decoded and, in the end, I need to decode the TCAP component by means of my ASN1 protocol. Now what I don't know is how to retrieve the Component content from the parsed TCAP and pass it to the dissection of the inner protocol. Thanks again Gaetano ------------------------------ Message: 4 Date: Mon, 16 Mar 2009 13:33:26 -0700 From: buildbot-no-reply@xxxxxxxxxxxxx Subject: [Wireshark-dev] buildbot failure in Wireshark (development) on Solaris-10-SPARC To: wireshark-dev@xxxxxxxxxxxxx Message-ID: <20090316203326.52B8392000@xxxxxxxxxxxxxxxxxx> The Buildbot has detected a new failure of Solaris-10-SPARC on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/Solaris-10-SPARC/builds/1289 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: solaris-10-sparc Build Reason: Build Source Stamp: HEAD Blamelist: etxrab,guy,tuexen BUILD FAILED: failed compile sincerely, -The Buildbot ------------------------------ Message: 5 Date: Mon, 16 Mar 2009 15:19:58 -0700 From: buildbot-no-reply@xxxxxxxxxxxxx Subject: [Wireshark-dev] buildbot failure in Wireshark (development) on Ubuntu-7.10-x86-64 To: wireshark-dev@xxxxxxxxxxxxx Message-ID: <20090316221958.3C5C38B022@xxxxxxxxxxxxxxxxxx> The Buildbot has detected a new failure of Ubuntu-7.10-x86-64 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/Ubuntu-7.10-x86-64/builds/789 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: ubuntu-7.10-x86 Build Reason: Build Source Stamp: HEAD Blamelist: etxrab,guy,martinm,tuexen,ulfl,wmeier BUILD FAILED: failed compile sincerely, -The Buildbot ------------------------------ Message: 6 Date: Mon, 16 Mar 2009 15:32:03 -0700 From: buildbot-no-reply@xxxxxxxxxxxxx Subject: [Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-x86 To: wireshark-dev@xxxxxxxxxxxxx Message-ID: <20090316223203.B586EDE742@xxxxxxxxxxxxxxxxxx> The Buildbot has detected a new failure of OSX-10.5-x86 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/OSX-10.5-x86/builds/1948 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: osx-10.5-x86 Build Reason: Build Source Stamp: HEAD Blamelist: ulfl BUILD FAILED: failed compile sincerely, -The Buildbot ------------------------------ Message: 7 Date: Mon, 16 Mar 2009 23:45:40 +0100 From: Joerg Mayer <jmayer@xxxxxxxxx> Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 27748: /trunk/plugins/profinet/ /trunk/plugins/profinet/: Makefile.common crc16.c crc16.h moduleinfo.h moduleinfo.nmake packet-dcerpc-pn-io.c packet-pn-rt.c To: wireshark-dev@xxxxxxxxxxxxx Message-ID: <20090316224540.GF17636@xxxxxxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset=us-ascii On Mon, Mar 16, 2009 at 09:40:03PM +0000, ulfl@xxxxxxxxxxxxx wrote: > http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=27748 > crc16 algorithm copied from Linux sources (GPL V2 only!) So far the wireshark sources are v2 or later - so adding a gplv2 only file is not something that should be done without asking *first*, because it has effects for all of Wireshark. Or maybe there already were files that are v2 only and I missed that? Ciao Joerg -- Joerg Mayer <jmayer@xxxxxxxxx> We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology. ------------------------------ Message: 8 Date: Mon, 16 Mar 2009 23:56:37 +0100 From: "Anders Broman" <a.broman@xxxxxxxxx> Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 27748:/trunk/plugins/profinet/ /trunk/plugins/profinet/:Makefile.common crc16.c crc16.h moduleinfo.h moduleinfo.nmakepacket-dcerpc-pn-io.c packet-pn-rt.c To: "'Developer support list for Wireshark'" <wireshark-dev@xxxxxxxxxxxxx> Message-ID: <4688C2F8058B4A229FDA886D1F4E49A3@dittcb7aa3551c> Content-Type: text/plain; charset="iso-8859-1" Hi, Isn't there a couple of crc versions in epan? /Anders -----Ursprungligt meddelande----- Fr?n: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] F?r Joerg Mayer Skickat: den 16 mars 2009 23:46 Till: wireshark-dev@xxxxxxxxxxxxx ?mne: Re: [Wireshark-dev] [Wireshark-commits] rev 27748:/trunk/plugins/profinet/ /trunk/plugins/profinet/:Makefile.common crc16.c crc16.h moduleinfo.h moduleinfo.nmakepacket-dcerpc-pn-io.c packet-pn-rt.c On Mon, Mar 16, 2009 at 09:40:03PM +0000, ulfl@xxxxxxxxxxxxx wrote: > http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=27748 > crc16 algorithm copied from Linux sources (GPL V2 only!) So far the wireshark sources are v2 or later - so adding a gplv2 only file is not something that should be done without asking *first*, because it has effects for all of Wireshark. Or maybe there already were files that are v2 only and I missed that? Ciao Joerg -- Joerg Mayer <jmayer@xxxxxxxxx> We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe ------------------------------ Message: 9 Date: Mon, 16 Mar 2009 16:12:08 -0700 From: buildbot-no-reply@xxxxxxxxxxxxx Subject: [Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-ppc To: wireshark-dev@xxxxxxxxxxxxx Message-ID: <20090316231208.AAC96B04F4@xxxxxxxxxxxxxxxxxx> The Buildbot has detected a new failure of OSX-10.5-ppc on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/OSX-10.5-ppc/builds/713 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: osx-10.5-ppc Build Reason: Build Source Stamp: HEAD Blamelist: ulfl BUILD FAILED: failed compile sincerely, -The Buildbot ------------------------------ Message: 10 Date: Mon, 16 Mar 2009 16:18:06 -0700 From: Guy Harris <guy@xxxxxxxxxxxx> Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 27748: /trunk/plugins/profinet/ /trunk/plugins/profinet/: Makefile.common crc16.c crc16.h moduleinfo.h moduleinfo.nmake packet-dcerpc-pn-io.c packet-pn-rt.c To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> Message-ID: <5EBA2CB6-3C8A-419C-A922-0F42CC0B4E8D@xxxxxxxxxxxx> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes On Mar 16, 2009, at 3:45 PM, Joerg Mayer wrote: > On Mon, Mar 16, 2009 at 09:40:03PM +0000, ulfl@xxxxxxxxxxxxx wrote: >> http://anonsvn.wireshark.org/viewvc/viewvc.cgi? >> view=rev&revision=27748 >> crc16 algorithm copied from Linux sources (GPL V2 only!) > > So far the wireshark sources are v2 or later - so adding a gplv2 > only file > is not something that should be done without asking *first*, because > it > has effects for all of Wireshark. Or maybe there already were files > that > are v2 only and I missed that? Is the only difference between the CRC16 in PROFINET and the ITU-T CRC16 implemented in epan/crc16.c the polynomial? It looks as if the algorithm is the same in the PROFINET CRC16 and the "reflected" ITU-T CRC16: crc = initial value; for (all bytes in the buffer) crc = (crc >> 8) ^ table[(crc ^ byte from buffer) & 0xff]; return crc; so it might just be the table. If so, could we just generate the appropriate table for the PROFINET polynomial, have epan/crc16.c export crc16_reflected(), and have the PROFINET CRC16 routine use crc16_reflected() and the appropriate table? ------------------------------ Message: 11 Date: Tue, 17 Mar 2009 00:29:13 +0100 From: Ulf Lamping <ulf.lamping@xxxxxx> Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 27748: /trunk/plugins/profinet/ /trunk/plugins/profinet/: Makefile.common crc16.c crc16.h moduleinfo.h moduleinfo.nmake packet-dcerpc-pn-io.c packet-pn-rt.c To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> Message-ID: <49BEE0C9.1020605@xxxxxx> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Joerg Mayer schrieb: > On Mon, Mar 16, 2009 at 09:40:03PM +0000, ulfl@xxxxxxxxxxxxx wrote: >> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=27748 >> crc16 algorithm copied from Linux sources (GPL V2 only!) > > So far the wireshark sources are v2 or later - so adding a gplv2 only file > is not something that should be done without asking *first*, because it > has effects for all of Wireshark. Or maybe there already were files that > are v2 only and I missed that? I had in mind that we already have GPL V2 only files in Wireshark before, but I may be wrong here. I can remove the two "GPL V2 only" files, as this is "only" a CRC16 expert check here. That is the CCITT implementation of CRC16 which is not already existing in Wireshark AFAIK. Having the CCITT CRC16 in Wireshark would be probably a good idea anyway. Some time ago when I actually implemented the stuff I couldn't find a GPL V2 or later implementation. Question is: How to continue? Regards, ULFL ------------------------------ _______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx https://wireshark.org/mailman/listinfo/wireshark-dev End of Wireshark-dev Digest, Vol 34, Issue 31 *********************************************
- Prev by Date: Re: [Wireshark-dev] SNMPv3 auth/priv password length
- Next by Date: Re: [Wireshark-dev] Hello to the list and a nested dissector
- Previous by thread: Re: [Wireshark-dev] SNMPv3 auth/priv password length
- Next by thread: [Wireshark-dev] one possible way to speed up filtering
- Index(es):
- Get Wireshark
- Download
- Code of Conduct