This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Call wireshark 3gpp decoder in a python script

0

Hi,

As we already have a 3gpp decoder by wireshark to decode 3gpp messages, I need to call this decoder in my python script to decode a hex dump provided to the program as an input and write the decoded result in a text file. Is there any API for this decoder to use or any other way to do this?

asked 20 Apr '16, 05:43

shayaan_xd


One Answer:

1

I would say your best bet is to create a pcap file from the hex data and then use tshark to convert the pcap file into a text file containing dissections of the packets. If you have the hex records offline, there is text2pcap which does the first step (hex -> pcap) for you on the command line, or you can do the same using Wireshark (the GUI version).

If you need to receive and process the hex records live as they come in (which does not seem likely as the required final product is a text file), you'd need to feed text2pcap from a pipe and send its output to tshark using another pipe, and I'm not sure whether this is actually possible. So you might have to replace text2pcap by your Python script doing the same. When capturing from a named pipe, tshark needs the data in pcap format, so you'd have to generate the pcap file header once and then convert the received hex dumps into binary packet data with timestamps. It is not a big deal as the pcap file structure is not complex and it is well documented.

answered 20 Apr '16, 07:55

sindy

Thanks sindy, can you simplify it more? I have 100's of hex and I need information of 2 Information elements out of them from each hex.

(20 Apr '16, 21:14) shayaan_xd
1

In concept:

  • Have the python script 'print' the hex lines to a file
  • Assuming they're in a format text2pcap understands, you then do a system call to the 'text2pcap' (Wireshark executable) to receive the hex dump and generate an output pcap file
  • Do a system call to the "tshark" executable (another Wireshark executable, installed typically with Wireshark itself). In that system call, you can make use of tshark's access to Wireshark's dissector intelligence (see the man page, it supports many useful output options, in this case possibly the -T fields and -e flags may be all you need).
  • Have the python script use that output as desired.
  • Have python unlink/delete the temporary files generated by the script above.

Aside from that answer you might also consider 'pyshark' instead of the tshark system calls (a python plugin for use of these tools within python).

(20 Apr '16, 21:29) Quadratic
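
The pcap framing described in sindy's answer (write the file header once, then one timestamped record per hex dump), as an added example that is not part of the original thread. The Ethernet link-layer type, the microsecond spacing between records, the file name `out.pcap` and the sample hex strings are assumptions made for illustration; set the linktype to whatever encapsulation your hex dumps actually carry.

```python
import struct
import time

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
SNAPLEN = 262144          # largest packet this writer will accept
LINKTYPE_ETHERNET = 1     # assumption: use the linktype your hex dumps really carry

# Constructed sample input, not real 3GPP traffic.
SAMPLE_HEX = ["de ad be ef", "01:02:03"]


def pcap_global_header(linktype=LINKTYPE_ETHERNET):
    """24-byte file header, written once before the first packet."""
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype (little-endian)
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype)


def pcap_record(hex_dump, ts_us=None):
    """16-byte record header plus packet bytes for one hex dump."""
    # Accepts "001a2b", "00 1a 2b" or "00:1a:2b"; fromhex raises ValueError otherwise.
    data = bytes.fromhex(hex_dump.replace(":", " "))
    if not data or len(data) > SNAPLEN:
        raise ValueError("packet is empty or longer than snaplen")
    if ts_us is None:
        ts_us = time.time_ns() // 1000
    sec, usec = divmod(ts_us, 1_000_000)
    # ts_sec, ts_usec, captured length, original length
    return struct.pack("<IIII", sec, usec, len(data), len(data)) + data


def hexdumps_to_pcap(hex_dumps, start_us=0, linktype=LINKTYPE_ETHERNET):
    """Complete pcap byte string; record i is stamped start_us + i microseconds."""
    parts = [pcap_global_header(linktype)]
    for i, hex_dump in enumerate(hex_dumps):
        parts.append(pcap_record(hex_dump, start_us + i))
    return b"".join(parts)


if __name__ == "__main__":
    with open("out.pcap", "wb") as fh:
        fh.write(hexdumps_to_pcap(SAMPLE_HEX, start_us=time.time_ns() // 1000))
    # Then dissect with: tshark -r out.pcap -T fields -e <field name>
```

Malformed hex raises `ValueError` instead of producing a truncated record, so a bad input line is caught before tshark ever sees the file.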