Convert txt packet data to pcap format to open it in Wireshark

Wireshark provides a command line pcap converter for Text Files:

https://www.wireshark.org/docs/man-pages/text2pcap.html

AutoHotkey solution:

; Change appropriate file locations
Run, %A_ProgramFiles%\ethereal\text2pcap.exe c:\test.txt c:\testconv.cap,%A_ProgramFiles%\ethereal

If you want a fully automated solution, you can modify this function, which actively watches a directory for file changes/creation.

http://www.autohotkey.com/board/topic/41653-watchdirectory/

Author by

Aniket

Updated on June 25, 2022

Comments

  • Aniket almost 2 years

    Hi, I am working on an application where I have to read live packets from the network, work on them, and display them in a sophisticated way.

    But the problem is that I have the packet, but it is in a text file, so to open it in Wireshark I have to convert it to .pcap format.

    So how can I convert a packet in text to pcap format?

    My text file format is like the one shown below:

    Frame:
    Frame:          number = 0
    Frame:       timestamp = 2014-02-13 09:39:11.288
    Frame:     wire length = 174 bytes
    Frame: captured length = 174 bytes
    Frame:
    Eth:  ******* Ethernet - "Ethernet" - offset=0 (0x0) length=14 
    Eth: 
    Eth:      destination = 01:00:5e:7f:ff:fa
    Eth:                    .... ..0. .... .... = [0] LG bit
    Eth:                    .... ...0 .... .... = [0] IG bit
    Eth:           source = ec:9a:74:4d:8e:03
    Eth:                    .... ..0. .... .... = [0] LG bit
    Eth:                    .... ...0 .... .... = [0] IG bit
    Eth:             type = 0x800 (2048) [ip version 4]
    Eth: 
    Ip:  ******* Ip4 - "ip version 4" - offset=14 (0xE) length=20 protocol suite=NETWORK
    Ip: 
    Ip:          version = 4
    Ip:             hlen = 5 [5 * 4 = 20 bytes, No Ip Options]
    Ip:         diffserv = 0x0 (0)
    Ip:                    0000 00.. = [0] code point: not set
    Ip:                    .... ..0. = [0] ECN bit: not set
    Ip:                    .... ...0 = [0] ECE bit: not set
    Ip:           length = 160
    Ip:               id = 0x4CD1 (19665)
    Ip:            flags = 0x0 (0)
    Ip:                    0.. = [0] reserved
    Ip:                    .0. = [0] DF: do not fragment: not set
    Ip:                    ..0 = [0] MF: more fragments: not set
    Ip:           offset = 0
    Ip:              ttl = 0 [time to live]
    Ip:             type = 17 [next: User Datagram]
    Ip:         checksum = 0xB0AA (45226) [correct]
    Ip:           source = 124.125.80.90
    Ip:      destination = 239.255.255.250
    Ip: 
    Udp:  ******* Udp offset=34 (0x22) length=8 
    Udp: 
    Udp:           source = 58845
    Udp:      destination = 1900
    Udp:           length = 140
    Udp:         checksum = 0x5154 (20820) [correct]
    Udp: 
    Data:  ******* Payload offset=42 (0x2A) length=132 
    Data: 
    002a: 4d 2d 53 45  41 52 43 48  20 2a 20 48  54 54 50 2f    M-SEARCH * HTTP/
    003a: 31 2e 31 0d  0a 48 6f 73  74 3a 32 33  39 2e 32 35    1.1..Host:239.25
    004a: 35 2e 32 35  35 2e 32 35  30 3a 31 39  30 30 0d 0a    5.255.250:1900..
    005a: 53 54 3a 75  72 6e 3a 73  63 68 65 6d  61 73 2d 75    ST:urn:schemas-u
    006a: 70 6e 70 2d  6f 72 67 3a  64 65 76 69  63 65 3a 57    pnp-org:device:W
    007a: 41 4e 43 6f  6e 6e 65 63  74 69 6f 6e  44 65 76 69    ANConnectionDevi
    008a: 63 65 3a 31  0d 0a 4d 61  6e 3a 22 73  73 64 70 3a    ce:1..Man:"ssdp:
    009a: 64 69 73 63  6f 76 65 72  22 0d 0a 4d  58 3a 33 0d    discover"..MX:3.
    00aa: 0a 0d 0a 00 
    
  • C_B about 9 years
    Are there any Java solutions?
  • Konstantin Gribov about 9 years
    I didn't see any. It's a simple and specific problem, so perl/bash/python/ruby can be good languages to solve it.
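
The dump in the question carries hex bytes only for the payload (offset 0x2a onward); the Ethernet, IP and UDP headers appear as decoded fields. The Python sketch below is an added example, not code from this thread: it rebuilds the full frame from those fields and wraps it in a pcap file image. The function names are hypothetical, and it assumes IPv4 without options, UDP, and a UTC timestamp.

```python
import re, socket, struct
from datetime import datetime

# Constructed sample: the question's dump cut to the fields read below plus one payload row.
SAMPLE = """\
Frame:       timestamp = 2014-02-13 09:39:11.288
Eth:      destination = 01:00:5e:7f:ff:fa
Eth:           source = ec:9a:74:4d:8e:03
Ip:               id = 0x4CD1 (19665)
Ip:              ttl = 0 [time to live]
Ip:           source = 124.125.80.90
Ip:      destination = 239.255.255.250
Udp:           source = 58845
Udp:      destination = 1900
002a: 4d 2d 53 45  41 52 43 48  20 2a 20 48  54 54 50 2f    M-SEARCH * HTTP/
"""

def field(text, layer, name):  # first token after "<layer>: <name> ="
    return re.search(rf"^\s*{layer}:\s+{name} = (\S+)", text, re.M).group(1)

def checksum(data):  # RFC 1071 Internet checksum; data must have even length
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(text):
    num = lambda layer, name: int(field(text, layer, name), 0)
    mac = lambda name: bytes.fromhex(field(text, "Eth", name).replace(":", ""))
    src, dst = (socket.inet_aton(field(text, "Ip", n)) for n in ("source", "destination"))
    # Hex column only: bytes sit 1-2 spaces apart, the ASCII column 4 spaces away.
    rows = re.findall(r"^\s*[0-9a-f]{4}: ((?:[0-9a-f]{2} {1,2})*[0-9a-f]{2})", text, re.M)
    data = bytes.fromhex("".join(rows))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(data), num("Ip", "id"), 0,
                     num("Ip", "ttl"), 17, 0, src, dst)  # assumes IPv4, no options, UDP
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    udp = struct.pack("!HHHH", num("Udp", "source"), num("Udp", "destination"), 8 + len(data), 0)
    pseudo = src + dst + struct.pack("!HH", 17, 8 + len(data))
    udp_sum = checksum(pseudo + udp + data + b"\0" * (len(data) % 2)) or 0xFFFF
    eth = mac("destination") + mac("source") + b"\x08\x00"
    return eth + ip + udp[:6] + struct.pack("!H", udp_sum) + data

def to_pcap(text):
    stamp = re.search(r"timestamp = (\S+ \S+)", text).group(1)
    ts = datetime.fromisoformat(stamp + "+00:00")  # assumption: dump time is UTC
    frame = build_frame(text)
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    rec = struct.pack("<IIII", int(ts.timestamp()), ts.microsecond, len(frame), len(frame))
    return head + rec + frame
```

Write the bytes returned by `to_pcap()` to a file opened in binary mode and open that file in Wireshark. With the question's full 132-byte payload, the rebuilt IP header checksum comes out as the 0xB0AA the dump reports.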