convert txt packet data to pcap format to open it by Wireshark
Wireshark provides a command line pcap converter for Text Files:
https://www.wireshark.org/docs/man-pages/text2pcap.html
AutoHotkey solution:
; Change appropriate file locations
; The executable path is quoted because %A_ProgramFiles% contains a space
Run, "%A_ProgramFiles%\ethereal\text2pcap.exe" c:\test.txt c:\testconv.cap, %A_ProgramFiles%\ethereal
If you want to do a fully automated solution you can modify this function which actively watches a directory for file changes/creation.
http://www.autohotkey.com/board/topic/41653-watchdirectory/
Aniket
Updated on June 25, 2022
Comments
-
Aniket almost 2 years
Hi, I am working on an application where I have to read live packets from the network, work on them, and display them in a sophisticated way.
But the problem is that I have the packet in a text file, so to open it in Wireshark I have to convert it to .pcap format.
So how can I convert a packet in text to pcap format?
My text file format is as shown below:
Frame:
Frame: number = 0
Frame: timestamp = 2014-02-13 09:39:11.288
Frame: wire length = 174 bytes
Frame: captured length = 174 bytes
Frame:
Eth: ******* Ethernet - "Ethernet" - offset=0 (0x0) length=14
Eth:
Eth: destination = 01:00:5e:7f:ff:fa
Eth: .... ..0. .... .... = [0] LG bit
Eth: .... ...0 .... .... = [0] IG bit
Eth: source = ec:9a:74:4d:8e:03
Eth: .... ..0. .... .... = [0] LG bit
Eth: .... ...0 .... .... = [0] IG bit
Eth: type = 0x800 (2048) [ip version 4]
Eth:
Ip: ******* Ip4 - "ip version 4" - offset=14 (0xE) length=20 protocol suite=NETWORK
Ip:
Ip: version = 4
Ip: hlen = 5 [5 * 4 = 20 bytes, No Ip Options]
Ip: diffserv = 0x0 (0)
Ip: 0000 00.. = [0] code point: not set
Ip: .... ..0. = [0] ECN bit: not set
Ip: .... ...0 = [0] ECE bit: not set
Ip: length = 160
Ip: id = 0x4CD1 (19665)
Ip: flags = 0x0 (0)
Ip: 0.. = [0] reserved
Ip: .0. = [0] DF: do not fragment: not set
Ip: ..0 = [0] MF: more fragments: not set
Ip: offset = 0
Ip: ttl = 0 [time to live]
Ip: type = 17 [next: User Datagram]
Ip: checksum = 0xB0AA (45226) [correct]
Ip: source = 124.125.80.90
Ip: destination = 239.255.255.250
Ip:
Udp: ******* Udp offset=34 (0x22) length=8
Udp:
Udp: source = 58845
Udp: destination = 1900
Udp: length = 140
Udp: checksum = 0x5154 (20820) [correct]
Udp:
Data: ******* Payload offset=42 (0x2A) length=132
Data:
002a: 4d 2d 53 45 41 52 43 48 20 2a 20 48 54 54 50 2f M-SEARCH * HTTP/
003a: 31 2e 31 0d 0a 48 6f 73 74 3a 32 33 39 2e 32 35 1.1..Host:239.25
004a: 35 2e 32 35 35 2e 32 35 30 3a 31 39 30 30 0d 0a 5.255.250:1900..
005a: 53 54 3a 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 ST:urn:schemas-u
006a: 70 6e 70 2d 6f 72 67 3a 64 65 76 69 63 65 3a 57 pnp-org:device:W
007a: 41 4e 43 6f 6e 6e 65 63 74 69 6f 6e 44 65 76 69 ANConnectionDevi
008a: 63 65 3a 31 0d 0a 4d 61 6e 3a 22 73 73 64 70 3a ce:1..Man:"ssdp:
009a: 64 69 73 63 6f 76 65 72 22 0d 0a 4d 58 3a 33 0d discover"..MX:3.
00aa: 0a 0d 0a 00
-
C_B about 9 years
Are there any Java solutions?
-
Konstantin Gribov about 9 years
I didn't see any. It's a simple and specific problem, so perl/bash/python/ruby can be good languages to solve it.
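Added example, not part of the original thread: the dump in the question carries hex bytes only for the UDP payload (offsets start at 0x2a), while text2pcap reads hex dumps whose offsets start at zero for each packet, so this Python sketch re-encodes the Ethernet, IPv4 and UDP headers from the decoded fields and writes a classic pcap record directly. It assumes one IPv4/UDP frame per input with no IP options, the field layout shown in the question, and UTC timestamps; the function names are this example's own.

```python
import re, socket, struct, sys
from datetime import datetime, timezone

FIELD = re.compile(r"^(\w+):\s+([a-z][a-z ]*?)\s*=\s*(.*)$")   # "Ip: ttl = 0 [...]"
HEXLINE = re.compile(r"^(?:Data:\s*)?[0-9a-f]{4}:\s+(.*)$")      # "002a: 4d 2d ..."

def parse_frame(text):
    """Collect (section, name) -> value fields and the payload bytes of one frame."""
    fields, payload = {}, bytearray()
    for line in map(str.strip, text.splitlines()):
        m = HEXLINE.match(line)
        if m:
            for tok in m.group(1).split()[:16]:        # at most 16 bytes per row
                if not re.fullmatch(r"[0-9a-f]{2}", tok):
                    break                              # reached the ASCII column
                payload.append(int(tok, 16))
        elif (m := FIELD.match(line)):
            fields[m.group(1), m.group(2)] = m.group(3)
    return fields, bytes(payload)

def build_frame(fields, payload):
    """Re-encode Ethernet/IPv4/UDP headers from the decoded fields (no IP options)."""
    num = lambda sec, name: int(fields[sec, name].split()[0], 0)
    mac = lambda name: bytes.fromhex(fields["Eth", name].replace(":", ""))
    ip4 = lambda name: socket.inet_aton(fields["Ip", name])
    eth = mac("destination") + mac("source") + struct.pack("!H", num("Eth", "type"))
    ip = struct.pack("!BBHHHBBH4s4s",
                     num("Ip", "version") << 4 | num("Ip", "hlen"), num("Ip", "diffserv"),
                     num("Ip", "length"), num("Ip", "id"),
                     num("Ip", "flags") << 13 | num("Ip", "offset"),
                     num("Ip", "ttl"), num("Ip", "type"), num("Ip", "checksum"),
                     ip4("source"), ip4("destination"))
    udp_len = num("Udp", "length")
    udp = struct.pack("!HHHH", num("Udp", "source"), num("Udp", "destination"),
                      udp_len, num("Udp", "checksum"))
    return eth + ip + udp + payload[:udp_len - 8]      # drop stray ASCII-column bytes

def to_pcap(text):
    """Return a little-endian classic pcap file (LINKTYPE_ETHERNET) holding the frame."""
    fields, payload = parse_frame(text)
    frame = build_frame(fields, payload)
    ts = datetime.strptime(fields["Frame", "timestamp"], "%Y-%m-%d %H:%M:%S.%f")
    ts = ts.replace(tzinfo=timezone.utc)               # assumption: dump times are UTC
    wire_len = int(fields["Frame", "wire length"].split()[0])
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", int(ts.timestamp()), ts.microsecond, len(frame), wire_len)
            + frame)

if __name__ == "__main__":                             # usage: script.py in.txt out.pcap
    with open(sys.argv[1]) as src, open(sys.argv[2], "wb") as dst:
        dst.write(to_pcap(src.read()))
```

The header checksums are copied from the dump rather than recomputed, so Wireshark will flag them if the decoded fields were edited by hand.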