This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Need “C” source code for converting packet data into PCAP format.

0

Hi,

I'm working for CISCO, we would like to convert the packet capture made in cisco routers into PCAP format, for that I would like to understand the PCAP format.

Please suggest how to convert the raw packet data into pcap format?

Thx Amby

asked 25 Jan '16, 06:38

Ambalavanan's gravatar image

Ambalavanan
6112
accept rate: 0%


3 Answers:

2

I would strongly recommend to use pcapng, as it

  • provides more space for additional information about the captured frames,

  • allows for multiple frame encapsulation types in a single file (so you can e.g. save frames from an HDLC channel and from an Ethernet interface),

  • etc.

If you insist, the traditional pcap is described here.

In both cases, the raw packet data need no conversion, they just need to be augmented with additional information and, in some cases, an appropriate encapsulation header.

(edit: updated the link to pcapng description with Jaap's up-to-date one, kept the advice to use pcapng).

answered 25 Jan '16, 06:50

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

edited 25 Jan '16, 07:58

0

If using pcapng please use the current draft.

If going 'old school', use this specification.

answered 25 Jan '16, 07:52

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

edited 25 Jan '16, 08:07

grahamb's gravatar image

grahamb ♦
19.8k330206

0

Also, I think there's some router company some of whose equipment can export captures in pcap format; you might want to see if you can talk to the people responsible for that.

answered 25 Jan '16, 13:27

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%