Hi all, I am working to implement a protocol dissector in Wireshark. I have sample data for this protocol in a format that holds the data as continuous bits, not packets. Now, to import this sample data and dissector, I am planning to convert this data file into .pcap format. But the problem is that the .pcap format contains packets of data, and the data file I have doesn't contain information in packet form. It just contains the data in the form of bits as it comes on the bus. How shall I proceed? Does Wireshark support any such concept of making packets from incoming bits?

P.S.: To form the packets from my sample data file, I will have to see when the start of packet arrives and when the end of packet arrives, and packetize the whole data between these two.

Update: Now that I have written a tool to convert my data into .pcap format, how do I proceed with writing my protocol for decoding that data, and how will Wireshark know which protocol to use to decode the content of this .pcap file?

This question is marked "community wiki".

asked 01 Feb '12, 10:03 ashish_goel, edited 02 Feb '12, 19:18
One Answer:
One way: Write a program to convert your data into a (packetized) format which can be read by text2pcap. text2pcap is a Wireshark tool: see the text2pcap man page. See How to dissect anything for the details.

answered 01 Feb '12, 10:40 Bill Meier
Thanks for the reply, Bill.
But one point of confusion: why do I need the text2pcap tool in between? If I have to write a tool first to packetize the data, then I can write the complete tool to convert my data file to .pcap format directly.
You are correct. Have your packet framer write out a pcap file straight away, easy enough.
Thanks, Jaap. And how is this link "http://wiki.wireshark.org/HowToDissectAnything" useful for my problem?
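
The framing step discussed in this thread, written out as an added example (not code from any of the posters or from Wireshark): it cuts a raw stream into frames and writes them straight to a classic pcap file with a private-use link type. The single-byte `SOP`/`EOP` markers, byte alignment, the absence of byte stuffing, the offset-derived timestamps and the output file name are all assumptions; substitute the real bus framing rules.

```python
import struct

# Assumptions for this example (not from the thread): frames are byte-aligned,
# delimited by single-byte markers, and payloads never contain the markers.
SOP = 0x7E          # hypothetical start-of-packet marker
EOP = 0x7F          # hypothetical end-of-packet marker
DLT_USER0 = 147     # pcap link type reserved for private use
SNAPLEN = 65535

# Constructed sample: noise, a good frame, noise, a doubled SOP, a truncated frame.
SAMPLE = bytes([0x00, 0x7E, 0x01, 0x02, 0x7F, 0xFF,
                0x7E, 0x7E, 0x03, 0x7F, 0x7E, 0x04])

def frame_stream(data):
    """Return [(offset_of_SOP, payload)] for every complete SOP..EOP frame."""
    frames, start = [], None
    for i, byte in enumerate(data):
        if byte == SOP:
            start = i                      # resync; drops an unterminated frame
        elif byte == EOP and start is not None:
            payload = data[start + 1:i]
            if 0 < len(payload) <= SNAPLEN:
                frames.append((start, payload))
            start = None                   # bytes until the next SOP are noise
    return frames

def to_pcap(frames, byte_time_us=1):
    """Serialize frames as a classic little-endian pcap file image."""
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, SNAPLEN, DLT_USER0)]
    for offset, payload in frames:
        # No capture clock exists, so derive a timestamp from the stream offset.
        ts = offset * byte_time_us
        out.append(struct.pack("<IIII", ts // 1_000_000, ts % 1_000_000,
                               len(payload), len(payload)))
        out.append(payload)
    return b"".join(out)

if __name__ == "__main__":
    with open("framed.pcap", "wb") as fh:
        fh.write(to_pcap(frame_stream(SAMPLE)))
```

Wireshark opens such a file with link type DLT_USER0; which dissector receives the payload is chosen in the DLT_USER protocol preferences, which is what the How to Dissect Anything wiki page covers.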