Opening an exported file

Last night I was running some pcaps and wanted to analyze them at school today, so being a noob at wireshark and not seeing an obvious save option in the File menu i went down to export and selected C arrays since i guessed that that would be importable and would be the most specific save. Now today I'm looking around and I don't see any way to import it into wireshark, I did look at text2pcap but as far as I can tell it doesn't convert C arrays to pcaps. All help is appreciated!

import c export array

asked 30 Nov '10, 05:51

monks700
1●1●1●1
accept rate: 0%

One Answer:

oldest newest most voted

There is "File -> Save" in the menu, it's even above the Export option. That is the way to save packets for later analysis.

I gues if you really need the data from the C-arrays, you can write a C program that writes the packet data back to a libpcap based file. However, the c-arrays only contain the RAW packet data without the libpcap header (so no timestamps), you'd have to fabricate the libpcap headers (file header and packets headers) yourself.

link

answered 30 Nov '10, 07:13

SYN-bit ♦♦
12.2k●8●41●174
accept rate: 18%

Your answer

toggle preview

community wiki

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

export ×23
import ×8
array ×5
c ×2

Asked: 30 Nov '10, 05:51

Seen: 1,102 times

Last updated: 30 Nov '10, 07:13

Opening an exported file

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions