Where Can I Find The Packet Display Stream File(s)

asked 2020-04-28 06:12:32 +0000

Ninny
1 ●1

updated 2020-04-28 19:33:09 +0000

Hello,

I had to make an account to ask this important question, as I want to make a little project that visualizes the traffic of all the packets that are flowing through the UI stream. In doing this, I want the stream to be posted to a text file (or something similar of the sort) that can be read and displayed on a user's browser. In order for me to do that, I have to go up the river to find out where the water is coming from, if you get what I mean.

However, I have had a lot of trouble finding the file(s) that contain the process of posting each discovered packet. I also looked hard through the forms here to see if I could find out myself, but I hardly made any progress. Would someone mind telling me where I need to look?

Maybe I should put it like this: I don't have concern for what's in the packet, but rather how/where WireShark detects the packet. Sorry if there was some confusion.

edit retag flag offensive close merge delete

add a comment

answered 2020-04-28 07:34:20 +0000

Guy Harris
19890 ●3 ●633 ●207

I want the stream to be posted to a text file

Do you mean output of the form you get by running "tshark -V" or by saving dissections as text from Wireshark? If so, then...

I have had a lot of trouble finding the file(s) that contain the process of posting each discovered packet

..that's because there is no such file. The raw packet data is either in the file you're reading or in the file that Wireshark or TShark runs its "dumpcap" program to produce and that it reads as new packets arrive in it, but it contains raw binary packet data, not anything even remotely human-readable as network traffic (unless you're the sort of person who sees "08 00" and says "OK, that's an Ethernet type for IPv4" or sees "45" and says "OK, that's the first byte of an IPv4 header" :-)).

TShark will write text containing that to the standard output - it will give one-line summaries of packets, similar to what's in the packet list pane, by default, and will give the details, similar to what's in the packet detail pane, if you pass it the "-V" flag - if you don't save to a file with the "-w" flag or if you do save to a file with the "-w" flag but you also give it the "-P" flag. To save that to a file, redirect TShark's standard output.

Wireshark will write that text if you use the Export Packet Dissections > As Plain Text... menu item and specify what parts of the dissection to write out.

edit flag offensive delete link

Comments

I believe either of those options would be good for me to try, but I don't know how to make it happen.

Ninny ( 2020-04-28 16:47:51 +0000 )edit

As I said, you need to run TShark with the right command-line options. The rest of the project isn't a Wireshark issue.

Guy Harris ( 2020-04-28 17:37:17 +0000 )edit

Maybe I should put it like this: I don't have concern for what's in the packet, but rather how/where WireShark detects the packet. Sorry if there was some confusion.

Ninny ( 2020-04-28 19:32:41 +0000 )edit

What do you mean by "detects the packet"? Do you mean captures the packet, i.e. gets a copy of the packet from a network interface, as happens during a live capture?

Guy Harris ( 2020-04-28 23:28:19 +0000 )edit

Like it realizes "Oh! A packet just came!"

I'm trying to make a visualization of the packets going to and fro addresses, but I don't actually need to see what each packet contains.

Ninny ( 2020-04-29 03:06:30 +0000 )edit

see more comments

Where Can I Find The Packet Display Stream File(s)

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Where Can I Find The Packet Display Stream File(s) edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Where Can I Find The Packet Display Stream File(s)