Ethereal-dev: [Ethereal-dev] How to convert binary file to libpcap-style capture file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "David Francois" <davidfrancois19@xxxxxxxxxxx>
Date: Fri, 27 May 2005 13:40:42 -0400
Hi:


I have a binary file which contains the raw data from the telnet protocol. This binary file does not include libpcap_header, IP header and TCP header.

I want to add libpcap_header, IP header and TCP header at the beginning of my binary file to convert this binary file to the libpcap capture file format, so that I can use Ethereal.exe to open my binary file.

I tried to use text2pcap.exe to create a libpcap-style capture file, but it does not work, as shown below.

D:\EtherSource>text2pcap.exe -e 0x800 -m 64000 MyBinaryFile MyBinaryLipcapFile
Input from: MyBinaryFile
Output to: MyBinaryLipcapFile
Generate dummy Ethernet header: Protocol: 0x800
Read 0 potential packets, wrote 0 packets

Text2pcap reads in an ASCII hex dump and writes the data described into a libpcap-style capture file.

I think text2pcap.exe can't read a binary file.


What I want is to add the following information (in text2pcap.c) at the beginning of the binary file to convert it to a libpcap-style capture file:


/* "libpcap" file header (minus magic number). */
struct pcap_hdr {
   guint32	magic;		/* magic */
   guint16	version_major;	/* major version number */
   guint16	version_minor;	/* minor version number */
   guint32	thiszone;	/* GMT to local correction */
   guint32	sigfigs;	/* accuracy of timestamps */
   guint32	snaplen;	/* max length of captured packets, in octets */
   guint32	network;	/* data link type */
};

/* "libpcap" record header. */
struct pcaprec_hdr {
   gint32	ts_sec;		/* timestamp seconds */
   guint32	ts_usec;	/* timestamp microseconds */
   guint32	incl_len;	/* number of octets of packet saved in file */
   guint32	orig_len;	/* actual length of packet */
};

typedef struct {
   guint8  dest_addr[6];
   guint8  src_addr[6];
   guint16 l3pid;
} hdr_ethernet_t;

static hdr_ethernet_t HDR_ETHERNET = {
   {0x02, 0x02, 0x02, 0x02, 0x02, 0x02},
   {0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
   0};

typedef struct {
   guint8  ver_hdrlen;
   guint8  dscp;
   guint16 packet_length;
   guint16 identification;
   guint8  flags;
   guint8  fragment;
   guint8  ttl;
   guint8  protocol;
   guint16 hdr_checksum;
   guint32 src_addr;
   guint32 dest_addr;
} hdr_ip_t;
typedef struct {
   guint16 source_port;
   guint16 dest_port;
   guint32 seq_num;
   guint32 ack_num;
   guint8  hdr_length;
   guint8  flags;
   guint16 window;
   guint16 checksum;
   guint16 urg;
} hdr_tcp_t;

Can I use text2pcap.exe or any other program to convert a binary file to a libpcap-style capture file?


Thanks a lot for your help.


David
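
Added example, not part of the original message and not code from text2pcap: a small C routine that wraps a raw payload in the header layout quoted above (pcap_hdr, pcaprec_hdr, Ethernet, IPv4, TCP) and produces a one-record libpcap image. The function name raw_to_pcap, the 10.0.0.1 -> 10.0.0.2 addresses, ports 1024 -> 23, the zero timestamp and the sample payload are assumptions made for illustration; it uses stdint types in place of the glib guint types.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Big-endian stores; pcap readers detect the file's byte order from the magic. */
static void be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void be32(uint8_t *p, uint32_t v) { be16(p, (uint16_t)(v >> 16)); be16(p + 2, (uint16_t)v); }

/* Internet checksum (RFC 1071): sum big-endian 16-bit words, odd tail zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t sum) {
    for (size_t i = 0; i < len; i++) sum += (i & 1) ? p[i] : (uint32_t)p[i] << 8;
    return sum;
}
static uint16_t fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build a pcap image in out[]: file header plus one record whose frame is dummy
 * Ethernet/IPv4/TCP headers followed by the raw data. Returns bytes used, 0 on error. */
size_t raw_to_pcap(const uint8_t *data, size_t n, uint8_t *out, size_t cap) {
    size_t frame = 14 + 20 + 20 + n;                  /* Ethernet + IP + TCP + data */
    if (n == 0 || frame > 65535 || cap < 40 + frame) return 0;
    memset(out, 0, 40 + 54);
    /* pcap_hdr: magic, version 2.4, thiszone 0, sigfigs 0, snaplen, network */
    be32(out, 0xa1b2c3d4); be16(out + 4, 2); be16(out + 6, 4);
    be32(out + 16, 65535); be32(out + 20, 1);         /* link type 1 = Ethernet */
    be32(out + 32, (uint32_t)frame); be32(out + 36, (uint32_t)frame); /* incl_len, orig_len; ts = 0 */
    uint8_t *eth = out + 40, *ip = eth + 14, *tcp = ip + 20;
    memset(eth, 0x02, 6); memset(eth + 6, 0x01, 6); be16(eth + 12, 0x0800);
    ip[0] = 0x45; be16(ip + 2, (uint16_t)(40 + n)); ip[8] = 64; ip[9] = 6;
    be32(ip + 12, 0x0a000001); be32(ip + 16, 0x0a000002);  /* assumed 10.0.0.1 -> 10.0.0.2 */
    be16(ip + 10, fold(sum16(ip, 20, 0)));
    be16(tcp, 1024); be16(tcp + 2, 23); be32(tcp + 4, 1);  /* assumed ports; 23 = telnet */
    tcp[12] = 0x50; tcp[13] = 0x18; be16(tcp + 14, 8192);  /* 20-byte header, PSH|ACK */
    memcpy(tcp + 20, data, n);
    /* TCP checksum also covers the pseudo-header: addresses, protocol 6, TCP length */
    be16(tcp + 16, fold(sum16(tcp, 20 + n, sum16(ip + 12, 8, 6 + 20 + (uint32_t)n))));
    return 40 + frame;
}

int main(void) {
    static const uint8_t demo[] = "login: ";          /* constructed sample payload */
    static uint8_t buf[40 + 65535];
    size_t len = raw_to_pcap(demo, sizeof demo - 1, buf, sizeof buf);
    FILE *f = len ? fopen("telnet.pcap", "wb") : NULL;
    if (!f || fwrite(buf, 1, len, f) != len) return 1;
    return fclose(f) != 0;
}
```

A file larger than one record allows would need one call per chunk, with the 24-byte file header written only once and the TCP sequence number advanced by each chunk's length.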
