Will Wireshark be more than a protocol analyser? Currently it is, but is that the official way? Wireshark can open files like MP3, JPG, GIF, PNG and XML. Could we treat Wireshark as a "file format analyser"? Then can support be added to open text files and binary files? Is it possible to send a file format dissector (for example for ".tar" or ".dll")? It would be nice to see those features.

asked 17 Apr '13, 04:50 Michal Labedzki
2 Answers:
Wireshark is first and foremost a protocol analyzer. However, its dissection engine architecture is so flexible that one can envision it having a higher abstraction as a 'record analyzer'. These records come in from a source, being a pipe from dumpcap, (capture) file contents from wiretap, or otherwise. That is where your experiments come into view. You open, through wiretap, files containing records which the dissection engine happens to know how to handle.

It's very important to understand the distinction between file and record format. JPEG is the record format, while JFIF is the file format (even the Joint Picture Experts Group missed this and forgot to specify JFIF). The same goes for MP3.

TL;DR: At best the dissection engine in Wireshark / Tshark is a record analyzer, where Wireshark / Tshark are tailored to network protocols. File formats are just containers for records; these won't be analyzed.

answered 17 Apr '13, 07:58 Jaap ♦
Wireshark cannot open files like MP3, JPG, etc.; it can extract those file types from network packets contained in capture/trace files. The file formats Wireshark reads are listed here: http://wiki.wireshark.org/FileFormatReference

answered 17 Apr '13, 04:56 Jasper ♦♦ edited 17 Apr '13, 04:57
Actually:
:-)
Okay, learning something new every day… but what is this good for? I guess it’s some sort of dissector test?
Anyway, lesson learned and documented at http://blog.packet-foo.com/2013/04/learning-something-new-every-day/ :-)