Ask Your Question

Revision history [back]

Export capture log (inc. packet data) in a computer-friendly format

The most complete way to export capture log from Wireshark that I've found is plain text with packet data, e. g.:

No.     Time           Source                Destination           Protocol Length Info
    320 39.396245      192.168.31.98         192.168.31.84         PTP/IP   66     Init Event Request Connection #:1

Frame 320: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Apple_1b:40:6f (a0:99:9b:1b:40:6f), Dst: Canon_b7:b5:25 (60:12:8b:b7:b5:25)
Internet Protocol Version 4, Src: 192.168.31.98, Dst: 192.168.31.84
Transmission Control Protocol, Src Port: 53371, Dst Port: 15740, Seq: 1, Ack: 1, Len: 12
Picture Transfer Protocol
    Length: 12
    Packet Type: Init Event Request Packet (0x00000003)
    Connection Number: 1

0000  60 12 8b b7 b5 25 a0 99 9b 1b 40 6f 08 00 45 00   `....%[email protected]
0010  00 34 00 00 40 00 40 06 7a bd c0 a8 1f 62 c0 a8   [email protected]@.z....b..
0020  1f 54 d0 7b 3d 7c ac 90 76 78 00 24 86 01 50 18   .T.{=|..vx.$..P.
0030  ff ff 28 93 00 00 0c 00 00 00 03 00 00 00 01 00   ..(.............
0040  00 00

However, I need to parse all this data in software, and I'm not looking forward to parsing all this text back to structured binary data. Seems a waste of resources (mostly my time as a programmer) to export to plain text and then parse it all back, removing all the clutter. Isn't there a more machine-friendly way to export capture data (list of packets with their parsed headers and data content)?