This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Opening an exported file

Last night I was running some pcaps and wanted to analyze them at school today, so being a noob at Wireshark and not seeing an obvious save option in the File menu, I went down to Export and selected C arrays, since I guessed that that would be importable and would be the most specific save. Now today I'm looking around and I don't see any way to import it into Wireshark. I did look at text2pcap, but as far as I can tell it doesn't convert C arrays to pcaps. All help is appreciated!

asked 30 Nov '10, 05:51

monks700


One Answer:

There is "File -> Save" in the menu, it's even above the Export option. That is the way to save packets for later analysis.

I guess if you really need the data from the C arrays, you can write a C program that writes the packet data back to a libpcap-based file. However, the C arrays only contain the RAW packet data without the libpcap header (so no timestamps), so you'd have to fabricate the libpcap headers (file header and packet headers) yourself.

answered 30 Nov '10, 07:13

SYN-bit ♦♦
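The approach described in the answer above, as an added example that is not part of the original thread: a C program that wraps exported arrays in fabricated libpcap file and packet headers. The array `pkt1` is a constructed sample, `struct pkt` and `write_pcap` are hypothetical names, and the link type is assumed to be Ethernet (1).

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample shaped like a C-array export: 60-byte zero-padded
   Ethernet broadcast frame, made-up source MAC, ARP EtherType. */
static const unsigned char pkt1[60] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* destination MAC */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* source MAC */
    0x08, 0x06                            /* EtherType, rest zero */
};

struct pkt { const unsigned char *data; uint32_t len; };  /* hypothetical helper */

/* libpcap file header (24 bytes) and per-packet record header (16 bytes) */
struct file_hdr { uint32_t magic; uint16_t vmajor, vminor; int32_t thiszone;
                  uint32_t sigfigs, snaplen, linktype; };
struct rec_hdr  { uint32_t ts_sec, ts_usec, incl_len, orig_len; };

/* Writes pkts to path as a pcap file; returns bytes written or -1. */
long write_pcap(const char *path, const struct pkt *pkts, size_t n,
                uint32_t linktype, uint32_t start_sec)
{
    /* Host byte order throughout; readers detect it from the magic. */
    struct file_hdr fh = { 0xa1b2c3d4u, 2, 4, 0, 0, 65535, linktype };
    long total = (long)sizeof fh;
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    if (fwrite(&fh, sizeof fh, 1, f) != 1) goto fail;
    for (size_t i = 0; i < n; i++) {
        /* The export has no timestamps: fabricate them one second apart. */
        struct rec_hdr rh = { start_sec + (uint32_t)i, 0, pkts[i].len, pkts[i].len };
        if (pkts[i].len == 0 || pkts[i].len > fh.snaplen) goto fail;
        if (fwrite(&rh, sizeof rh, 1, f) != 1) goto fail;
        if (fwrite(pkts[i].data, pkts[i].len, 1, f) != 1) goto fail;
        total += (long)(sizeof rh + pkts[i].len);
    }
    return fclose(f) == 0 ? total : -1;
fail:
    fclose(f);
    return -1;
}

int main(void)
{
    const struct pkt pkts[] = { { pkt1, sizeof pkt1 } };
    long n = write_pcap("restored.pcap", pkts, 1, 1 /* Ethernet */, 0 /* placeholder start time */);
    printf("%ld bytes written\n", n);
    return n < 0;
}
```

Paste the exported arrays in place of `pkt1` and list each one in `pkts`; the capture times and inter-packet gaps in the resulting file are fabricated, so time-based analysis of it is meaningless.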