Ask Your Question
0

Export capture log (inc. packet data) in a computer-friendly format

asked 2018-12-26 06:33:49 +0000

AlexDoe gravatar image

The most complete way to export capture log from Wireshark that I've found is plain text with packet data, e. g.:

No.     Time           Source                Destination           Protocol Length Info
    320 39.396245      192.168.31.98         192.168.31.84         PTP/IP   66     Init Event Request Connection #:1

Frame 320: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Apple_1b:40:6f (a0:99:9b:1b:40:6f), Dst: Canon_b7:b5:25 (60:12:8b:b7:b5:25)
Internet Protocol Version 4, Src: 192.168.31.98, Dst: 192.168.31.84
Transmission Control Protocol, Src Port: 53371, Dst Port: 15740, Seq: 1, Ack: 1, Len: 12
Picture Transfer Protocol
    Length: 12
    Packet Type: Init Event Request Packet (0x00000003)
    Connection Number: 1

0000  60 12 8b b7 b5 25 a0 99 9b 1b 40 6f 08 00 45 00   `....%[email protected].
0010  00 34 00 00 40 00 40 06 7a bd c0 a8 1f 62 c0 a8   .4..@[email protected]..
0020  1f 54 d0 7b 3d 7c ac 90 76 78 00 24 86 01 50 18   .T.{=|..vx.$..P.
0030  ff ff 28 93 00 00 0c 00 00 00 03 00 00 00 01 00   ..(.............
0040  00 00

However, I need to parse all this data in software, and I'm not looking forward to parsing all this text back to structured binary data. Seems a waste of resources (mostly my time as a programmer) to export to plain text and then parse it all back, removing all the clutter. Isn't there a more machine-friendly way to export capture data (list of packets with their parsed headers and data content)?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-12-26 08:26:03 +0000

Anders gravatar image

Export as PDML?

edit flag offensive delete link more

Comments

Or JSON for that matter.

Jaap gravatar imageJaap ( 2018-12-26 09:19:29 +0000 )edit

No idea how I overlooked that. It's still not perfect, but much better. Thanks.

AlexDoe gravatar imageAlexDoe ( 2018-12-26 09:48:05 +0000 )edit

If you can suggest another format that would be closer to what you want, perhaps you should offer that as an enhancement request on the Wireshark Bugzilla.

Guy Harris gravatar imageGuy Harris ( 2018-12-26 20:41:10 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-12-26 06:33:49 +0000

Seen: 416 times

Last updated: Dec 26 '18

Related questions

displayed packets counter differs between bottom right corner and "File -> Export Specified Packets"

Save packet data as hex string

Export capture file

How can I export my hexdump to a file that contains the data in a binary format?

displayed packets unmatched when trying to export

How can I export UDP payload without using the slow Follow UDP Stream method

Filter out TCP data and export capture

Problems while exporting to csv

Exporting RTP packets to WAV

Wireshark export PDUs for decrypted TLS data

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2