 | 1 | initial version |
If you want to see the pcapng file format data, rather than just the captured packet data, newer versions of Wireshark have a "Reload as File Format/Capture" menu item in the View menu - it causes the file to be dissected as a single entity by Wireshark's pcap file or pcapng file dissectors.
(Yes, this is sort of the beginning of Fileshark....)
I don't know what the "40 page white paper is", but the pcapng specification is probably the first place anybody writing a pcapng reader or writer should go; reverse engineering shouldn't be necessary (although I did reverse-engineer the Sun snoop reader in Wireshark because I didn't know about RFC 1761 at the time).
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
