Export capture log (inc. packet data) in a computer-friendly format

The most complete way to export a capture log from Wireshark that I've found is plain text with packet data, e.g.:

No.     Time           Source                Destination           Protocol Length Info
    320 39.396245      192.168.31.98         192.168.31.84         PTP/IP   66     Init Event Request Connection #:1

Frame 320: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Apple_1b:40:6f (a0:99:9b:1b:40:6f), Dst: Canon_b7:b5:25 (60:12:8b:b7:b5:25)
Internet Protocol Version 4, Src: 192.168.31.98, Dst: 192.168.31.84
Transmission Control Protocol, Src Port: 53371, Dst Port: 15740, Seq: 1, Ack: 1, Len: 12
Picture Transfer Protocol
    Length: 12
    Packet Type: Init Event Request Packet (0x00000003)
    Connection Number: 1

0000  60 12 8b b7 b5 25 a0 99 9b 1b 40 6f 08 00 45 00   `....%....@o..E.
0010  00 34 00 00 40 00 40 06 7a bd c0 a8 1f 62 c0 a8   .4..@.@.z....b..
0020  1f 54 d0 7b 3d 7c ac 90 76 78 00 24 86 01 50 18   .T.{=|..vx.$..P.
0030  ff ff 28 93 00 00 0c 00 00 00 03 00 00 00 01 00   ..(.............
0040  00 00

However, I need to parse all this data in software, and I'm not looking forward to parsing all this text back to structured binary data. Seems a waste of resources (mostly my time as a programmer) to export to plain text and then parse it all back, removing all the clutter. Isn't there a more machine-friendly way to export capture data (list of packets with their parsed headers and data content)?
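
An added example, not part of the original post: what parsing the plain-text export back into binary involves for frame 320 above, rebuilding the bytes from the hex dump and decoding the three PTP/IP fields Wireshark lists. It assumes untagged Ethernet II, IPv4 and TCP framing as in that frame; the function names are made up for this illustration.

```python
import re
import struct

# Hex dump copied from the post (frame 320); ASCII column rebuilt from the bytes.
DUMP = """\
0000  60 12 8b b7 b5 25 a0 99 9b 1b 40 6f 08 00 45 00   `....%....@o..E.
0010  00 34 00 00 40 00 40 06 7a bd c0 a8 1f 62 c0 a8   .4..@.@.z....b..
0020  1f 54 d0 7b 3d 7c ac 90 76 78 00 24 86 01 50 18   .T.{=|..vx.$..P.
0030  ff ff 28 93 00 00 0c 00 00 00 03 00 00 00 01 00   ..(.............
0040  00 00
"""

# Offset, two spaces, then 1..16 hex bytes; the ASCII column is ignored.
LINE = re.compile(r"^([0-9a-f]{4})  ((?:[0-9a-f]{2} ?){1,16})", re.I)

def dump_to_bytes(text):
    """Rebuild the frame from 'offset  hex bytes   ascii' lines, checking offsets."""
    frame = bytearray()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # summary and dissection lines are not part of the dump
        if int(m.group(1), 16) != len(frame):
            raise ValueError(f"offset gap at {m.group(1)}")
        frame += bytes.fromhex(m.group(2))
    return bytes(frame)

def tcp_payload(frame):
    """Skip the Ethernet II, IPv4 and TCP headers (assumes no VLAN tag)."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("not IPv4/TCP")
    ip_len = (frame[14] & 0x0F) * 4                  # IHL in 32-bit words
    tcp_off = 14 + ip_len
    tcp_len = (frame[tcp_off + 12] >> 4) * 4         # TCP data offset
    total = struct.unpack_from("!H", frame, 16)[0]   # IPv4 total length
    return frame[tcp_off + tcp_len : 14 + total]

def parse_ptpip_init_event(payload):
    """Decode the three little-endian u32 fields shown in the dissection."""
    length, ptype, conn = struct.unpack_from("<III", payload)
    if length != len(payload):
        raise ValueError("PTP/IP length field does not match payload size")
    return {"length": length, "packet_type": ptype, "connection_number": conn}

if __name__ == "__main__":
    print(parse_ptpip_init_event(tcp_payload(dump_to_bytes(DUMP))))
```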