Wireshark-users: [Wireshark-users] [Fwd: question format libcap X wireshark
From: "Zuleika Ferreira" <zuleika@xxxxxxxxxxxx>
Date: Mon, 11 Jan 2010 11:20:37 -0200 (BRST)
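/*
 * hi, help me please! I am writing a program that writes a .pcap file to be
 * read with Wireshark, but when I try to open the file this message appears:
 *
 *   The file "C:\dev\API\features\ss7.vargas\K3L\zupcaplog.pcap" is a capture
 *   for a network type that Wireshark doesn't support. (pcap: network type 43
 *   unknown or unsupported).
 *
 * The program is simple, it is a test, and I don't understand what the problem
 * is. For the network type I used WTAP_ENCAP_MTP3 because I write in this
 * protocol.
 */

/* Global Header Data */
#define MAGIC_NUMBER 0xa1b2c3d4
#define CURRENT_PCAP_MAJOR 2
#define CURRENT_PCAP_MINOR 4
#define ZONE_GMT 0

/*
 * Link-layer type stored in the "network" field of the pcap global header.
 *
 * NOTE(review): the code as posted wrote 43 here under the name
 * WTAP_ENCAP_MTP3. WTAP_ENCAP_* numbers belong to Wireshark's wiretap library
 * and are translated to and from pcap link types when a file is read or
 * written; they are not file-format values. A pcap file must carry the
 * LINKTYPE_/DLT_ value instead, and for MTP3 that is 141. Writing 43 is what
 * produces "network type 43 unknown or unsupported".
 */
#define LINKTYPE_MTP3 141

/* Maximum octets stored per record; the same value is written as snaplen. */
#define PCAP_SNAPLEN 0xFFFF

typedef unsigned int guint32;
typedef unsigned short guint16;
typedef signed int gint32;

typedef struct pcap_hdr_s {
    guint32 magic_number;   /* magic number */
    guint16 version_major;  /* major version number */
    guint16 version_minor;  /* minor version number */
    gint32 thiszone;        /* GMT to local correction */
    guint32 sigfigs;        /* accuracy of timestamps */
    guint32 snaplen;        /* max length of captured packets, in octets */
    guint32 network;        /* data link type */
} pcap_hdr_t;

/* Record Header Data */
typedef struct pcaprec_hdr_s {
    guint32 ts_sec;    /* timestamp seconds */
    guint32 ts_usec;   /* timestamp microseconds */
    guint32 incl_len;  /* number of octets of packet saved in file */
    guint32 orig_len;  /* actual length of packet */
} pcaprec_hdr_t;

/*
 * Both structs are written to disk with a single fwrite(), so their in-memory
 * size must equal the on-disk size (24 and 16 octets). A negative array size
 * stops the build if the typedefs above or compiler padding ever break that.
 */
typedef char pcap_hdr_size_check[(sizeof(pcap_hdr_t) == 24) ? 1 : -1];
typedef char pcaprec_hdr_size_check[(sizeof(pcaprec_hdr_t) == 16) ? 1 : -1];

/*
 * Opens `filename` for appending and, when the file is still empty, writes the
 * pcap global header.
 *
 * If the file cannot be opened, `file` stays NULL and every later call on this
 * object becomes a no-op; nothing is thrown.
 */
KLoggerPCAP::KLoggerPCAP(const char* filename) {
    /*
     * "ab", not "a": a text-mode stream on Windows rewrites every 0x0A octet
     * as 0x0D 0x0A, which corrupts headers and packet data alike.
     */
    file = (filename != NULL) ? fopen(filename, "ab") : NULL;
    if (file == NULL)
        return;

    /*
     * Append mode reopens an existing capture. A second global header in the
     * middle of the file would make it unreadable, so the header is written
     * only when the file is known to be empty.
     * NOTE(review): an existing file is assumed to have been produced by this
     * logger (same byte order and link type); that is not verified here.
     */
    if (fseek(file, 0, SEEK_END) == 0 && ftell(file) > 0)
        return;

    /* Write Global Header */
    pcap_hdr_t header;
    header.magic_number = MAGIC_NUMBER;
    header.version_major = CURRENT_PCAP_MAJOR;
    header.version_minor = CURRENT_PCAP_MINOR;
    header.thiszone = ZONE_GMT;
    header.sigfigs = 0;
    header.snaplen = PCAP_SNAPLEN;
    header.network = LINKTYPE_MTP3;
    /* See: http://anonsvn.wireshark.org/wireshark/trunk/wiretap/libpcap.c */
    writePCAP(&header, sizeof(pcap_hdr_t));
}

/*
 * Writes `len` octets from `buffer` to the capture file.
 *
 * Does nothing when no file is open, when `buffer` is NULL or when `len` is 0.
 * After a failed write the file is closed and logging stops: a record that was
 * only partly written would leave every following record misaligned.
 */
void KLoggerPCAP::writePCAP(const void* buffer, const size_t len) {
    if (file == NULL || buffer == NULL || len == 0)
        return;

    if (fwrite(buffer, len, 1, file) != 1) {
        fclose(file);
        file = NULL;
    }
}

/*
 * Appends one packet record (record header followed by the packet octets),
 * stamped with the current wall-clock time.
 *
 * At most PCAP_SNAPLEN octets are stored, matching the snaplen declared in the
 * global header; orig_len still reports the full length of the packet.
 */
void KLoggerPCAP::log_packet(const unsigned char* data, const size_t len) {
    if (file == NULL || (data == NULL && len != 0))
        return;

    unsigned int sec, usec;
#ifdef WIN32
    struct _timeb timebuffer;
    _ftime(&timebuffer);
    sec = static_cast<unsigned int>(timebuffer.time);
    usec = static_cast<unsigned int>(timebuffer.millitm) * 1000;
#else
    struct timeval time;
    gettimeofday(&time, NULL);
    sec = static_cast<unsigned int>(time.tv_sec);
    usec = static_cast<unsigned int>(time.tv_usec);
#endif

    /* Never store more than the header's snaplen promises to a reader. */
    const size_t stored = (len > PCAP_SNAPLEN) ? static_cast<size_t>(PCAP_SNAPLEN) : len;

    pcaprec_hdr_t recHeader;
    recHeader.ts_sec = sec;
    recHeader.ts_usec = usec;
    recHeader.incl_len = static_cast<guint32>(stored);
    /* size_t may be wider than 32 bits; saturate instead of wrapping around. */
    recHeader.orig_len = (len > 0xFFFFFFFFu) ? 0xFFFFFFFFu : static_cast<guint32>(len);

    writePCAP(&recHeader, sizeof(pcaprec_hdr_t));
    writePCAP(data, stored);
}

/* Closes the capture file if it is still open. */
KLoggerPCAP::~KLoggerPCAP() {
    if (file != NULL)
        fclose(file);
}

/*
 * Zuleika O. Ferreira
 * desenvolvimento KHOMP
 * R. Joe Collaço, 163 www.khomp.com.br
 * Florianópolis | SC +55 48 3722-2946
 * zuleika@xxxxxxxxxxxx
 */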