Hi everyone! Has anybody tried to parse the raw files of Wireshark? Can you read and parse the file and display the most?

asked 03 Dec '13, 04:15 Larush
One Answer:
The "raw" file is pcap or pcap-ng, a binary format containing the raw frames as seen by the capture device, roughly speaking. Several capture applications can read pcap(-ng) files. Not sure what you are really asking. Yes, you can create your own application to read libpcap files and display that in a GUI, but it's a lot of work.

answered 03 Dec '13, 05:47 Anders ♦
Because I do not like the Wireshark GUI, I am thinking of using it only for creating the raw file (for example, every 10 seconds). A different program (maybe my own) would read the files and display their content on the screen, maybe in 10-second blocks.
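
As an added example (not part of the original thread and not Wireshark code): a minimal reader for the classic pcap format the answer mentions, which groups frames into the 10-second blocks described in the comment. The sample capture is constructed in the code, pcap-ng is not handled, and the function names are this example's own.

```python
import struct

# Classic pcap magic numbers, as the first four bytes appear on disk.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian, nanosecond timestamps
}

def parse_pcap(data):
    """Return (linktype, [(timestamp, orig_len, frame_bytes), ...])."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcap-ng is a different format)")
    endian, frac = MAGICS[data[:4]]
    # Global header: version major/minor, thiszone, sigfigs, snaplen, linktype.
    _maj, _min, _zone, _sig, _snap, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    packets, off = [], 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        sec, sub, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > len(data) - off:
            break  # length field exceeds remaining bytes: truncated or corrupt record
        packets.append((sec + sub / frac, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets

def blocks(packets, seconds=10):
    """Group packets into fixed windows: {window_start: (count, total_bytes)}."""
    out = {}
    for ts, orig_len, _frame in packets:
        start = int(ts) // seconds * seconds
        count, total = out.get(start, (0, 0))
        out[start] = (count + 1, total + orig_len)
    return out

def sample_capture():
    """Constructed sample: three zero-filled Ethernet-linktype frames."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, size in [(1000, 60), (1004, 42), (1012, 98)]:
        data += struct.pack("<IIII", ts, 500000, size, size) + bytes(size)
    return data

if __name__ == "__main__":
    linktype, pkts = parse_pcap(sample_capture())
    for start, (count, total) in sorted(blocks(pkts).items()):
        print(f"{start}-{start + 10}s: {count} packets, {total} bytes (linktype {linktype})")
```

The bounds check on the captured-length field matters when a file is read while the capture tool is still writing it, since the last record may be incomplete.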