Re: Fileshark (AKA Dissecting Files with Wireshark)
From: Guy Harris <guy () alum mit edu>
Date: Fri, 21 Jun 2013 10:56:22 -0700
On Jun 20, 2013, at 11:57 PM, Michal Labedzki <michal.labedzki () tieto com> wrote:
> 3. What about files like *.pcap, *.pcapng, btsnoop, etc.? In Wireshark it will be easy to first dissect it by file
Possibly, possibly not. If a file dissector can do *everything* that a libwiretap module can (including supporting
random access), and not show the user the details of how packets happen to be represented in this particular file
format (which isn't interesting to somebody looking at network traffic), then yes, otherwise no.
> and then call the protocol dissector: in the result everything is in place. In Fileshark we dissect, for example,
> the PCAP format, and see an undecoded block?
In Wireshark, you would see packets and possibly other records as items in the list. You would *not* see, for example,
any file header the file has or the underlying layout of the record headers; you'd only see the relevant data items
from the header, and the record data, in a file-format-independent fashion. Some records might be read by Wireshark
but not displayed in the packet list.
In Fileshark, you would see the file header as one item, and each record as an item, showing all the record details as
fields. All records would be shown.
Whether, in Fileshark, the contents of packet records should be dissected as packets is a good point for discussion.
> 4. What about streams? For example, Android Binary (Logcat/Logger) logs come as a never-ending stream. Also Linux
> Kernel Messages (aka /dev/kmsg) [note: I finish work in PCAP and Wireshark]. Where is the right place for it? I guess
> in Wireshark, because we can capture them in the same way as Bluetooth, USB, and network packets.
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
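As an added illustration of the two views Guy contrasts (this is not code from the thread or from the Wireshark project), here is a small Python dissector for the classic pcap format that builds a constructed sample file inline and presents it both ways. The Fileshark-style view keeps the file header and every record header as separate items with all their fields and byte offsets, including a record the file cut short; the Wireshark-style view reduces the same bytes to timestamped packets and hides the on-disk layout. The layout constants are the public pcap format (24-byte global header, 16-byte record header, magic 0xa1b2c3d4 for microsecond and 0xa1b23c4d for nanosecond timestamps, read in either byte order); the function names and the sample packet bytes are my own.

```python
"""Classic pcap dissected two ways: file-structure items vs. a packet list."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # pcap variant with nanosecond timestamps
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


@dataclass
class FileHeader:
    byte_order: str      # '<' little-endian or '>' big-endian, decided by the magic number
    ts_divisor: int      # 1_000_000 (usec) or 1_000_000_000 (nsec) for the fraction field
    version_major: int
    version_minor: int
    thiszone: int
    sigfigs: int
    snaplen: int
    linktype: int


@dataclass
class Record:
    offset: int          # byte offset of this record header inside the file
    ts_sec: int
    ts_frac: int
    incl_len: int        # bytes actually stored in the file
    orig_len: int        # bytes that were on the wire
    data: bytes
    truncated: bool      # file ended before incl_len bytes of data were available


def parse_file_header(buf: bytes) -> FileHeader:
    """Decode the 24-byte global header; raises ValueError for non-pcap input."""
    if len(buf) < GLOBAL_HEADER_LEN:
        raise ValueError("file shorter than the 24-byte pcap global header")
    for order in ("<", ">"):
        magic = struct.unpack_from(order + "I", buf, 0)[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a pcap file: unknown magic number")
    vmaj, vmin, zone, sigfigs, snaplen, linktype = struct.unpack_from(order + "HHiIII", buf, 4)
    divisor = 1_000_000_000 if magic == PCAP_MAGIC_NSEC else 1_000_000
    return FileHeader(order, divisor, vmaj, vmin, zone, sigfigs, snaplen, linktype)


def parse_records(buf: bytes, hdr: FileHeader) -> List[Record]:
    """Walk the record headers; a record whose data runs past EOF is kept but flagged."""
    records, off = [], GLOBAL_HEADER_LEN
    while off + RECORD_HEADER_LEN <= len(buf):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(hdr.byte_order + "IIII", buf, off)
        data = buf[off + RECORD_HEADER_LEN: off + RECORD_HEADER_LEN + incl_len]
        records.append(Record(off, ts_sec, ts_frac, incl_len, orig_len, data, len(data) < incl_len))
        off += RECORD_HEADER_LEN + incl_len
    return records


def fileshark_view(buf: bytes) -> List[dict]:
    """Fileshark style: the file header and every record header as items with all fields shown."""
    hdr = parse_file_header(buf)
    items = [{"item": "file header", "offset": 0, **vars(hdr)}]
    for r in parse_records(buf, hdr):
        items.append({"item": "record", "offset": r.offset, "ts_sec": r.ts_sec, "ts_frac": r.ts_frac,
                      "incl_len": r.incl_len, "orig_len": r.orig_len, "truncated": r.truncated})
    return items


def wireshark_view(buf: bytes) -> List[Tuple[float, int, bytes]]:
    """Wireshark style: only (timestamp, linktype, packet bytes); file layout is not exposed.
    A record the file cut short is not a complete packet, so it does not reach the packet list."""
    hdr = parse_file_header(buf)
    return [(r.ts_sec + r.ts_frac / hdr.ts_divisor, hdr.linktype, r.data)
            for r in parse_records(buf, hdr) if not r.truncated]


def build_sample_pcap(order: str = "<", truncate_last: bool = False) -> bytes:
    """Constructed sample (not a real capture): microsecond pcap, linktype 1 (Ethernet),
    two records; the second was snapped from 1514 to 40 bytes. Optionally drop the last 10 bytes."""
    out = struct.pack(order + "IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    pkt1, pkt2 = bytes(range(60)), bytes(range(40))
    out += struct.pack(order + "IIII", 1371836182, 500000, len(pkt1), len(pkt1)) + pkt1
    out += struct.pack(order + "IIII", 1371836183, 250000, len(pkt2), 1514) + pkt2
    return out[:-10] if truncate_last else out


if __name__ == "__main__":
    sample = build_sample_pcap(truncate_last=True)
    for item in fileshark_view(sample):
        print(item)
    for ts, linktype, data in wireshark_view(sample):
        print(f"{ts:.6f} linktype={linktype} {len(data)} bytes")
```

Running the module prints three Fileshark items (file header, a complete record at offset 24, a truncated record at offset 100) but only one packet in the Wireshark-style list, which is exactly the difference under discussion: the packet list is file-format-independent and carries only what a protocol dissector needs, while the file view keeps every header field and offset.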