I am using Wireshark 1.10.6 to analyse my pcap file. The pcap is human readable once loaded in Wireshark, but the "payload" is not. It has been compressed using the LZO algorithm, and I intend to use a utility that could decompress the LZO payload and change it to a human readable format. Currently it is in hex format, as shown in the picture below.

The data is from the NSE Exchange. Steps for decompression have been given on https://www.nseindia.com/content/press/Realtime_CM_L1.pdf, page 29.

What would be the best way to make the whole pcap file human readable? I am sure this is a pretty common procedure used by many HFT firms to track their orders.

Update 1: I dumped the log as a C arrays file, which looks something like below, and my aim is to make it readable.

asked 21 Jan '17, 01:03 hftguy
edited 23 Jan '17, 03:38
One Answer:
What you need is a dissector for the payload; these are a fundamental aspect of Wireshark, and that's how the rest of the data in the packet (Ethernet/IP/TCP) can be displayed in "human readable format". See the wiki page on Development, then decide how you will create your dissector. You can use C (all the "built-in" dissectors use C), Lua or, for simpler protocols, WSGD. If you're able to program in C, then using that will produce the highest performing dissector (load and filter times will be faster); otherwise start with Lua.

answered 21 Jan '17, 05:53 grahamb ♦