This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I see raw packet information data added by Capture tool?

1

Hi,

I've captured wireless traffic using the tool Omnipeek. This tool adds a lot of information about each packet (wireless flags and timestamps), and the capture gets saved in .pkt format by default. If I open the capture in Wireshark, I don't see as much information as I would see in Omnipeek, just basic information like packet length, data rate, etc.

I understand that Wireshark may not have decoding information for what Omnipeek embedded for each packet, but I would like to create a dissector to see the same. How do I first see that packet information as raw data, at least? Then I would like to start working on dissecting it.

In Summary: How do I see raw packet data added by wireshark/omnipeek/any-other-tool along with original packet?

-ram

asked 20 Apr '15, 10:12

Ramprasad


2 Answers:

0

In Summary: How do I see raw packet data added by wireshark/omnipeek/any-other-tool along with original packet?

by opening the *.pkt file with a HEX editor and by reverse engineering that information.

Regards
Kurt

answered 21 Apr '15, 14:14

Kurt Knochner ♦

Thanks Kurt. It worked.

Thanks Guy Harris

(22 Apr '15, 11:08) Ramprasad

0

How do I see raw packet data added by wireshark/omnipeek/any-other-tool along with original packet?

Wireshark? Use, err, umm, Wireshark.

OmniPeek? Use Wireshark 1.99.x, which handles a lot more of the OmniPeek metadata.

Other tool? That depends on the tool.

answered 20 Apr '15, 14:42

Guy Harris ♦♦