Last night I was running some pcaps and wanted to analyze them at school today, so being a noob at wireshark and not seeing an obvious save option in the File menu i went down to export and selected C arrays since i guessed that that would be importable and would be the most specific save. Now today I'm looking around and I don't see any way to import it into wireshark, I did look at text2pcap but as far as I can tell it doesn't convert C arrays to pcaps. All help is appreciated! asked 30 Nov '10, 05:51  monks700 |
One Answer:
There is I gues if you really need the data from the C-arrays, you can write a C program that writes the packet data back to a libpcap based file. However, the c-arrays only contain the RAW packet data without the libpcap header (so no timestamps), you'd have to fabricate the libpcap headers (file header and packets headers) yourself. answered 30 Nov '10, 07:13  SYN-bit ♦♦ |
