[Winpcap-users] Layout of binary files
Guy Harris
guy at alum.mit.edu
Tue Jul 4 17:40:18 GMT 2006
Joao Rosa wrote:

> Could you please send me the layout of the inputs binary files of tethereal
> or the layout of the file of the sniffed with windump.

Both are standard libpcap/WinPcap format.

This means, not surprisingly, that libpcap/WinPcap can read them. The
easiest way to read them is not to write your own code to read that file
format; it's easier to use libpcap/WinPcap to read them, by using
pcap_open_offline() to open the file, and pcap_loop() or a loop with
pcap_next() or, in newer versions of libpcap/WinPcap, pcap_next_ex() to
read the packets.

> I have a scenario with about 26 media gateways, and I need to sort the
> date by time and by media gateway and afterwards translate the call with
> tethereal

"Sort" in the sense of "put in a particular sequence", or "sort" in the
sense of "extract"?

I.e., do you want to split the data into different files for different
calls by selecting packets that arrived at particular times and that
used particular gateways?

If so, then, regardless of whether you write your own code to read the
files or use libpcap/WinPcap, you still have a lot more work to do,
because you'll have to parse the packet data to determine what media
gateway is used. libpcap/WinPcap will *NOT* do that for you.

You might, however, be able to use tethereal with a "read filter" to
extract the packets you're interested in. It can read a file in
libpcap/WinPcap format and write out another file in the same format
with a subset of the packets, so the output file is guaranteed to be no
larger than the input file.
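
For reference, the classic libpcap file layout asked about in this thread, as an added example that is not part of the original message or of libpcap/WinPcap: a 24-byte global header followed by records with a 16-byte header each (ts_sec, ts_usec, incl_len, orig_len). The sketch extracts a time window into a new capture and bounds-checks every length read from the file; the function names and the sample capture are constructed for illustration, and libpcap remains the route the reply recommends.

```python
import struct

MAGIC = 0xA1B2C3D4  # classic libpcap magic number (microsecond timestamps)

def read_pcap(data):
    """Return (byte-order prefix, 24-byte global header, list of records).

    Each record is (ts_sec, ts_usec, orig_len, captured bytes).
    """
    if len(data) < 24:
        raise ValueError("truncated global header")
    # The magic number is written in the capturing host's byte order.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] == MAGIC:
            break
    else:
        raise ValueError("not a classic libpcap file")
    records, off = [], 24
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        # incl_len comes from the file: bound it before slicing.
        if incl_len > len(data) - off:
            raise ValueError("record length runs past end of file")
        records.append((ts_sec, ts_usec, orig_len, data[off:off + incl_len]))
        off += incl_len
    return endian, data[:24], records

def extract_window(data, start, end):
    """Rebuild a capture holding only packets with start <= ts_sec < end."""
    endian, header, records = read_pcap(data)
    out = [header]
    for ts_sec, ts_usec, orig_len, pkt in records:
        if start <= ts_sec < end:
            rec_hdr = struct.pack(endian + "IIII", ts_sec, ts_usec, len(pkt), orig_len)
            out.append(rec_hdr + pkt)
    return b"".join(out)

def make_sample():
    """Constructed sample: three dummy packets in a little-endian capture."""
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type 1 (Ethernet)
    hdr = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, 65535, 1)
    pkts = [(1000, b"\x01" * 20), (2000, b"\x02" * 30), (3000, b"\x03" * 40)]
    body = b"".join(struct.pack("<IIII", t, 0, len(p), len(p)) + p for t, p in pkts)
    return hdr + body
```

Selecting by media gateway would additionally require decoding each record's packet bytes, which this sketch does not attempt.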