Revision history

How to dissect an ethernet packet, that is an array of bytes

Hi. I want to make some kind of dll that can receive an ethernet packet as array of bytes, then then, using epan framework dissect it (Get columns data, and details tree data) and then return this data to the caller as some JSON string or Xml string.

For now I finally understood the whole WS project structure and managed to build it. Still debugging and researching the code, but so far the solution I like is the rawshark one. It seems like does the same but from and pipe. But there is one issue with rawshark - for some reason it can not get _ws.col data, for example _ws.col.Info never was printed no matter I did. I'm still learning docs and googling about WS source code for 8 days long. But today I decided to actually ask - is this even possible to implement what I want to or maybe there some better way to get my goal done?

Second solution I see for now it just use tshark's implementation but not sure, because it look like it uses much more code and libs and logic, I mean some internal stuff that I can't even understand e.g load some prefs when I dont even have any pref files on my disk and so on.

So, I would be grateful if somebody shows me the right way to reach my goals. Thank You in advance.

How to dissect an ethernet packet, that is an array of bytes

Hi. I want to make some kind of dll that can receive an ethernet packet as array of bytes, then then, using epan framework dissect it (Get columns data, and details tree data) and then return this data to the caller as some JSON string or Xml string.

For now I finally understood the whole WS project structure and managed to build it. Still debugging and researching the code, but so far the solution I like is the rawshark one. It seems like does the same but from and pipe. But there is one issue with rawshark - for some reason it can not get _ws.col data, for example _ws.col.Info never was printed no matter I did. I'm still learning docs and googling about WS source code for 8 days long. But today I decided to actually ask - is this even possible to implement what I want to or maybe there some better way to get my goal done?

Second solution I see for now it just use tshark's implementation but not sure, because it look like it uses much more code and libs and logic, I mean some internal stuff that I can't even understand e.g load some prefs when I dont even have any pref files on my disk and so on.

So, I would be grateful if somebody shows me the right way to reach my goals.

Thank You in advance.

How to dissect an ethernet packet, that is an array of bytes

Hi. I want to make some kind of dll that can receive an ethernet packet as array of bytes, and then, using epan framework dissect it (Get columns data, and details tree data) and then return this data to the caller as some JSON string or Xml string.

For now I finally understood the whole WS project structure and managed to build it. Still debugging and researching the code, but so far the solution I like is the rawshark one. It seems like does the same but from and pipe. But there is one issue with rawshark - for some reason it can not get _ws.col data, for example _ws.col.Info never was printed no matter I did. I'm still learning docs and googling about WS source code for 8 days long. But today I decided to actually ask - is this even possible to implement what I want to or maybe there some better way to get my goal done?

Second solution I see for now it just use tshark's implementation but not sure, because it look like it uses much more code and libs and logic, I mean some internal stuff that I can't even understand e.g load some prefs when I dont even have any pref files on my disk and so on.

So, I would be grateful if somebody shows me the right way to reach my goals.

Thank You in advance.

How to dissect an ethernet packet, that is an array of bytes

Hi. I want to make some kind of dll that can receive an ethernet packet as array of bytes, and then, using the epan framework dissect it (Get columns data, and details tree data) and then return this data to the caller as some JSON string or Xml string.

For now I finally understood the whole WS project structure and managed to build it. Still debugging and researching the code, but so far the solution I like is the rawshark one. It seems like does the same but from and pipe. But there is one issue with rawshark - for some reason it can not get _ws.col data, for example _ws.col.Info never was printed no matter I did. I'm still learning docs and googling about WS source code for 8 days long. But today I decided to actually ask - is this even possible to implement what I want to or maybe there some better way to get my goal done?

Second solution I see for now it just use tshark's implementation but not sure, because it look like it uses much more code and libs and logic, I mean some internal stuff that I can't even understand e.g load some prefs when I dont even have any pref files on my disk and so on.

So, I would be grateful if somebody shows me the right way to reach my goals.

Thank You in advance.

How to dissect an ethernet packet, that is an array of bytes

Hi. I want to make some kind of dll that can receive an ethernet packet as array of bytes, and then, using the epan framework dissect it (Get columns data, and details tree data) and then return this data to the caller as some JSON string or Xml string.

For now I finally understood the whole WS project structure and managed to build it. Still debugging and researching the code, but so far the solution I like is the rawshark one. It seems like does the same but from and pipe. But there is one issue with rawshark - for some reason it can not get _ws.col data, for example _ws.col.Info never was printed no matter I did. I'm still learning docs and googling about WS source code for 8 days long. But today I decided to actually ask - is this even possible to implement what I want to or maybe there is some better way to get my goal done?

Second solution I see for now it just use tshark's implementation but not sure, because it look like it uses much more code and libs and logic, I mean some internal stuff that I can't even understand e.g load some prefs when I dont even have any pref files on my disk and so on.

So, I would be grateful if somebody shows me the right way to reach my goals.

Thank You in advance.

How to dissect an ethernet packet, that is an array of bytes

Hi. I want to make some kind of dll that can receive an ethernet packet as array of bytes, and then, using the epan framework dissect it (Get columns data, and details tree data) and then return this data to the caller as some JSON string or Xml string.

For now I finally understood the whole WS project structure and managed to build it. Still debugging and researching the code, but so far the solution I like is the rawshark one. It seems like does the same but from and pipe. But there is one issue with rawshark - for some reason it can not get _ws.col data, for example _ws.col.Info never was printed no matter I did. I'm still learning docs and googling about WS source code for 8 days long. But today I decided to actually ask - is this even possible to implement what I want to or maybe there is some better way to get my goal done? Also extra question - Can I even use raw ethernet packet data as array of bytes, or epan framework works with .pcap files only?

Second solution I see for now it just use tshark's implementation but not sure, because it look like it uses much more code and libs and logic, I mean some internal stuff that I can't even understand e.g load some prefs when I dont even have any pref files on my disk and so on.

So, I would be grateful if somebody shows me the right way to reach my goals.

Thank You in advance.

How to dissect an ethernet packet, that is an array of bytes

Hi. I want to make some kind of dll that can receive an ethernet packet as array of bytes, and then, using the epan framework dissect it (Get columns data, and details tree data) and then return this data to the caller as some JSON string or Xml string.

For now I finally understood the whole WS project structure and managed to build it. Still debugging and researching the code, but so far the solution I like is the rawshark one. It seems like does the same but from and pipe. But there is one issue with rawshark - for some reason it can not get _ws.col data, for example _ws.col.Info never was printed no matter I did. I'm still learning docs and googling about WS source code for 8 days long. But today I decided to actually ask - is this even possible to implement what I want to or maybe there is some better way to get my goal done?

Also extra question - Can I even use raw ethernet packet data as array of bytes, or epan framework works with .pcap files only?

Second solution I see for now it just use tshark's implementation but not sure, because it look like it uses much more code and libs and logic, I mean some internal stuff that I can't even understand e.g load some prefs when I dont even have any pref files on my disk and so on.

So, I would be grateful if somebody shows me the right way to reach my goals.

Thank You in advance.

How to dissect an ethernet packet, that is an array of bytes

Hi. I want to make some kind of dll that can receive an ethernet packet as array of bytes, and then, using the epan framework dissect it (Get columns data, and details tree data) and then return this data to the caller as some JSON string or Xml string.

For now I finally understood the whole WS project structure and managed to build it. Still debugging and researching the code, but so far the solution I like is the rawshark one. It seems like does the same but from and pipe. But there is one issue with rawshark - for some reason it can not get _ws.col data, for example _ws.col.Info never was printed no matter I did. I'm still learning docs and googling about WS source code for 8 days long. But today I decided to actually ask - is this even possible to implement what I want to or maybe there is some better way to get my goal done?

Also few more extra questions:

  • Can I even use raw ethernet packet data as array of bytes, or epan framework works with .pcap files only?

  • How exactly WS gets data for the columns? For example _ws.col.Info column data generates dynamically by WS or stores inside .pcap file in some kind of header?

Second solution I see for now it just use tshark's implementation but not sure, because it look like it uses much more code and libs and logic, I mean some internal stuff that I can't even understand e.g load some prefs when I don't even have any pref files on my disk and so on.

So, I would be grateful if somebody shows me the right way to reach my goals.

Thank You in advance.

How to dissect an ethernet packet, that is an array of bytes

Hi. I want to make some kind of dll that can receive an ethernet packet as array of bytes, and then, using the epan framework dissect it (Get columns data, and details tree data) and then return this data to the caller as some JSON string or Xml string.

For now I finally understood the whole WS project structure and managed to build it. Still debugging and researching the code, but so far the solution I like is the rawshark one. It seems like does the same but from and pipe. But there is one issue with rawshark - for some reason it can not get _ws.col data, for example _ws.col.Info never was printed no matter I did. I'm still learning docs and googling about WS source code for 8 days long. But today I decided to actually ask:

  • Is this even possible to implement what I want to or maybe there is some better way to get my goal done?

Also few more extra questions:

  • Can I even use raw ethernet packet data as array of bytes, or epan framework works with .pcap files only?

  • How exactly WS gets data for the columns? For example _ws.col.Info column data generates dynamically by WS or stores inside .pcap file in some kind of header?

Second solution I see for now it just use tshark's implementation but not sure, because it look like it uses much more code and libs and logic, I mean some internal stuff that I can't even understand e.g load some prefs when I don't even have any pref files on my disk and so on.

So, I would be grateful if somebody shows me the right way to reach my goals.

Thank You in advance.