[Winpcap-users] Reassemble fragmented packets
Guy Harris
guy at alum.mit.edu
Sun May 25 22:51:54 GMT 2008
Richard Horton wrote:
> Just need to see how then to extract the packet data I'm interested in
> to a separate comma separated file
>
> (In a nutshell: the TCP/IP convo I'm interested in contains a routing
> table dump of the form <net ip> <net mask> <ospf cost>, I need a csv
> version of this info so I can compare actual data against what our
> monitoring tools display.)

Unfortunately, the standard CSV dump in Wireshark/TShark probably can't
handle that case, as, presumably, the packets have *multiple* triples of
that sort, so you probably want *multiple* CSV items per packet.

What you could do is write a tap for TShark that would write out the
three values to the standard output.

For information on writing taps, see doc/README.tapping and the "Writing
Wireshark Dissectors_Advanced" and "Extending the Wireshark UI"
presentations from Sharkfest '08:

http://www.cacetech.com/SHARKFEST.08/

Further questions should be asked on the wireshark-dev at wireshark.org
mailing list.
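
An added example, not part of the message above and not Wireshark code: the "multiple CSV rows per packet" step done outside TShark, in Python, on TCP payloads that have already been extracted in stream order. The text format (one whitespace-separated triple per newline-terminated line), the function names and the sample bytes are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample: two in-order TCP payloads. The second triple is split
# across the segment boundary and one line is not a route entry at all.
SAMPLE_SEGMENTS = [
    b"10.1.0.0 255.255.0.0 10\n10.2.3.0 255.255",
    b".255.0 20\nRouting table end\n192.168.7.0 255.255.255.0 1\n",
]


def parse_triple(raw):
    """Return [ip, mask, cost] for a valid line, or None for anything else."""
    fields = raw.decode("ascii", errors="replace").split()
    if len(fields) != 3:
        return None
    ip, mask, cost = fields
    try:
        # Validates the address and the netmask together; rejecting bad
        # fields also keeps arbitrary capture bytes out of the CSV.
        ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    except ValueError:
        return None
    if not cost.isdigit():
        return None
    return [ip, mask, cost]


def triples_to_csv(segments):
    """Emit one CSV row per triple, however many triples each segment holds."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["network", "netmask", "ospf_cost"])
    pending = b""  # tail of a line that continues in the next segment
    for payload in segments:
        pending += payload
        *lines, pending = pending.split(b"\n")
        for raw in lines:
            row = parse_triple(raw)
            if row:
                writer.writerow(row)
    row = parse_triple(pending)  # last line may lack a trailing newline
    if row:
        writer.writerow(row)
    return out.getvalue()


if __name__ == "__main__":
    print(triples_to_csv(SAMPLE_SEGMENTS), end="")
```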