Wireshark-dev: Re: [Wireshark-dev] Need help regarding interpreting a pcap file.
From: "Maynard, Chris" <[email protected]>
Date: Mon, 22 Feb 2010 22:24:16 -0500
If you're looking for information on the libpcap file format, you might find what you need here: http://wiki.wireshark.org/Development/LibpcapFileFormat.
 
But if you're looking for "a utility which should take the pcap as input and produce output on the screen in user freindly [sic] way.", well then look no further: http://www.wireshark.org/download.html. Well, OK, there are plenty of other packet sniffers out there, so feel free to keep looking. Here's a start: http://en.wikipedia.org/wiki/Packet_analyzer#Notable_packet_analyzers.
 
Or maybe what you're really looking for is a way to add your own proprietary protocol dissector to Wireshark?  These should help you:
http://www.wireshark.org/docs/wsdg_html_chunked/
http://anonsvn.wireshark.org/viewvc/trunk/doc/README.developer?revision=31933&view=markup
 
Good luck.
- Chris

________________________________

From: [email protected] on behalf of prashanth joshi
Sent: Mon 2/22/2010 9:49 PM
To: [email protected]
Subject: [Wireshark-dev] Need help regarding interpreting a pcap file.


Hi all,
 
What is the format of the data stored in the pcaps?
I have got a requirement wherein I need to read a pcap and then the contents of the packets need to be displayed on the screen. The packets have proprietary information. How do I go about this? Any suggestions would be heartily welcome. The requirement is that of a utility which should take the pcap as input and produce output on the screen in user freindly way.
 
Regards,
Prashanth
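
As an added illustration of the libpcap file format the reply links to (not code from this thread or from Wireshark), the Python below reads a classic pcap buffer, bounds-checks every record length, and renders each payload as a hex dump. The names `parse_pcap` and `hexdump`, the constructed `SAMPLE` capture, and the use of link type 147 (LINKTYPE_USER0, reserved for private use) for the proprietary payload are assumptions of the example.

```python
import struct

# On-disk magic of the classic libpcap format (not pcapng):
# value -> (struct byte-order prefix, nanoseconds per timestamp fraction unit)
MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", 1000),  # big-endian, microsecond timestamps
    b"\xd4\xc3\xb2\xa1": ("<", 1000),  # little-endian, microsecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", 1),     # big-endian, nanosecond timestamps
    b"\x4d\x3c\xb2\xa1": ("<", 1),     # little-endian, nanosecond timestamps
}

def parse_pcap(data):
    """Return (linktype, [(timestamp_ns, orig_len, payload), ...])."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic libpcap file")
    endian, scale = MAGICS[data[:4]]
    # Global header after the magic: version major/minor, thiszone, sigfigs,
    # snaplen, link-layer type.
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        # Sanity bound: a corrupt or hostile incl_len must not be trusted.
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("bad captured length %d at offset %d" % (incl_len, off))
        ts_ns = ts_sec * 10**9 + ts_frac * scale
        packets.append((ts_ns, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets

def hexdump(payload, width=16):
    """Offset, hex bytes and printable ASCII, one row per `width` bytes."""
    rows = []
    for i in range(0, len(payload), width):
        chunk = payload[i:i + width]
        hexpart = " ".join("%02x" % b for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append("%04x  %-*s  %s" % (i, width * 3 - 1, hexpart, text))
    return "\n".join(rows)

# Constructed sample: little-endian header, snaplen 65535, linktype 147,
# followed by one 7-byte record.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 147)
          + struct.pack("<IIII", 1266895456, 250000, 7, 7) + b"\x01\x02HELLO")

if __name__ == "__main__":
    linktype, pkts = parse_pcap(SAMPLE)
    for ts_ns, orig_len, payload in pkts:
        print("linktype=%d ts_ns=%d len=%d" % (linktype, ts_ns, orig_len))
        print(hexdump(payload))
```

Decoding the proprietary fields themselves would replace `hexdump` with a `struct.unpack` call matching that protocol's layout, or be done as a Wireshark dissector as the reply suggests.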
