Hi, I've captured wireless traffic using the tool Omnipeek. This tool adds so much information about each packet (wireless flags and timestamps), and the capture gets saved in .pkt format by default.

If I open the capture in Wireshark, I don't see as much information as I would see in Omnipeek, just basic information like packet length, data rate, etc. I understand Wireshark may not have decoding information for what Omnipeek embedded for each packet, but I would like to create a dissector to see the same. But how do I first see that packet information as raw data, at least? Then I would like to start working on dissecting that.

In summary: How do I see raw packet data added by Wireshark/Omnipeek/any other tool along with the original packet?

-ram

asked 20 Apr '15, 10:12 Ramprasad
2 Answers:
By opening the *.pkt file with a HEX editor and by reverse engineering that information.

Regards

answered 21 Apr '15, 14:14 Kurt Knochner ♦
Wireshark? Use, err, umm, Wireshark.

OmniPeek? Use Wireshark 1.99.x, which handles a lot more of the OmniPeek metadata.

Other tool? That depends on the tool.

answered 20 Apr '15, 14:42 Guy Harris ♦♦
Thanks Kurt. It worked.
Thanks Guy Harris