What is the format of data in a Wireshark capture file? The data is 18 bytes in my file. How to find another data with the help of this.
asked 05 Dec '13, 11:55 Rìýà ÐashöRìýã
2 Answers:
Maybe the pcap file format description helps? I guess you're trying to parse frame content from a file in pcap format, which means that you need to read the file and frame headers, too. It's not just frame data in the files. See this page: http://wiki.wireshark.org/Development/LibpcapFileFormat
answered 06 Dec '13, 01:06 Jasper ♦♦ edited 06 Dec '13, 01:07
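The file and frame headers mentioned in the answer above, shown as an added example that is not part of the original thread: a minimal reader for the classic pcap layout (24-byte file header, 16-byte per-record header, then the frame) that splits each Ethernet II frame into header fields and payload. It assumes a classic pcap file (not pcap-ng) with Ethernet link type; the function names and the 18-byte sample capture are constructed for illustration.

```python
import struct

# Magic numbers of the classic pcap format (microsecond and nanosecond variants).
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}
LINKTYPE_ETHERNET = 1

def parse_pcap(buf):
    """Return (linktype, [frame bytes, ...]) from a classic pcap byte string."""
    if len(buf) < 24:
        raise ValueError("truncated file header")
    # Byte order is that of the writing host; the magic number reveals it.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", buf[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file")
    _magic, _major, _minor, _zone, _sigfigs, _snaplen, linktype = struct.unpack(
        endian + "IHHiIII", buf[:24])
    frames, off = [], 24
    while off < len(buf):
        if len(buf) - off < 16:
            raise ValueError("truncated record header")
        _sec, _frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", buf, off)
        off += 16
        # Never trust a length field read from the file: bound it before slicing.
        if incl_len > len(buf) - off:
            raise ValueError("captured length exceeds remaining file data")
        frames.append(buf[off:off + incl_len])
        off += incl_len
    return linktype, frames

def parse_ethernet(frame):
    """Split an Ethernet II frame into (dst, src, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst.hex(":"), src.hex(":"), ethertype, frame[14:]

# Constructed sample: one 18-byte frame (14-byte header + 4 payload bytes).
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\xde\xad\xbe\xef"
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
               + struct.pack("<IIII", 0, 0, len(SAMPLE_FRAME), len(SAMPLE_FRAME))
               + SAMPLE_FRAME)

if __name__ == "__main__":
    linktype, frames = parse_pcap(SAMPLE_PCAP)
    print(linktype, [parse_ethernet(f) for f in frames])
```

The payload returned by `parse_ethernet` is whatever the frame carries after its 14-byte header; the EtherType field says how to interpret it.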
Pcap and pcap-ng are the native file formats in Wireshark, although it can read a number of other file formats. Libpcap and WinPcap can read pcap files; libpcap 1.1 and later (but not WinPcap) can also read some pcap-ng files. Most programs that need to read pcap or pcap-ng files should use libpcap or WinPcap rather than trying to handle the file formats themselves.
answered 06 Dec '13, 02:19 Guy Harris ♦♦
Not sure I understand your question. You want to programmatically extract 'data' from a packet capture file? And you need the layout of the pcap file format? Can you upload your file to http://www.cloudshark.org and explain what you need to achieve in more detail?
Yes! I need the layout probably! Actually the main question was to see one packet and write about its Ethernet frame. That will be my data 1. Next they asked data 2 is embedded in data 1. How to find this thing?
Could you please add more details about the questions asked? Maybe just post the original question here. Otherwise it is hard to understand what you really need.