Hi all, I am new to wireshark, I know that I am asking a silly doubt. in case of wireshark, once we start the capture we can dump each packet using pcap_dump() method. but how to retrieve a selected packet from dump file once we click on the selected row from listview in UI? Is there any offset for each packet? how can we get a pointer to each packet? How wireshark is giving the description of each packet once we select on row? thanks , sathish asked 30 Mar '15, 07:19  sathish308 |
One Answer:
pcap and pcap-ng files have a defined structure.
So, if you want to simulate the Wireshark behavior, you'll have to read all frames in memory and do the book keeping yourself. This means: You need to build an internal data structure in RAM which allows you to access every frame directly. The other way would be to simply read the capture file and "skip" to frame number x by reading and forgetting those frames you don't need. Please see PCAP programming tutorial on the net:
Regards answered 30 Mar '15, 08:10  Kurt Knochner ♦ edited 30 Mar '15, 08:11 |
hi, kurt
here I can do like this,
if I need 100th packet I can keep it in a while loop as int count=1; while(count<=100) { packet_next_ex(); count++; if(count==100) { then I can take the data;} } I can get the selected packet data. but, will it be good solution? if my requirement is 100000 packet, then loop has to run for 100000 times. I think it is time consuming process. can you suggest me which is good solution for it....
Please add more details (maybe with an example), as I don't understand what you are trying to do.