StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POPcap file decoding in Haskell
text
Body
copied!<p>I am trying to decode a <a href="http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=udp_lite_full_coverage_0.pcap" rel="nofollow">pcap file</a> and its working fine except couple of things. </p> <pre><code>import Network.Pcap import System.IO import Control.Monad callfun f = do ( p , q ) <- next f print $ hdrSeconds p print $ hdrCaptureLength p print $ hdrWireLength p print q when ( hdrWireLength p /= 0 ) $ callfun f main = do f <- openOffline "udp_lite_full_coverage_0.pcap" callfun f </code></pre> <p>I want the time return by hdrSeconds p [ time to capture ] in same format as in wireshark [ Date : Month : Year Hour : Min : Sec ] and data return by variable q in Ascii format.Kindly tell me how to do this. <br> Actually i was trying to parse pcap file to display its content in almost similar manner to wireshark without libpcap library [ purely in haskell by opening the pcap file in binary format and read byte by byte ] but i could not get any further. Could some please put the guide map for this project like what to read , how to approach , any thing which you feel would be helpful . <br></p> <p>Edit: I started writing this application but there is some thing missing. I read this file <a href="http://www.viste.com/Linux/Server/WireShark/libpcapformat.pdf" rel="nofollow">http://www.viste.com/Linux/Server/WireShark/libpcapformat.pdf</a> and it say that first 24 bytes are global headers , after that every packet contains pcap local header . What i am trying to do is , first trying to get the bytes of data in each packet by reading the third field incl_len in local header but my code is not behaving as it suppose . My test libcap <a href="http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=udp_lite_normal_coverage_8-20.pcap" rel="nofollow">file</a>. </p> <pre><code>--http://www.viste.com/Linux/Server/WireShark/libpcapformat.pdf import Data.List import qualified Data.ByteString.Lazy as BS import qualified Data.ByteString.Lazy.Char8 as B import Control.Monad import Text.Printf import Data.Word import Data.Char import System.Time import Numeric import System.Environment hexTodec :: BS.ByteString -> Integer hexTodec lst = read $ "0x" ++ ( concatMap ( \x -> showHex x "" ) $ BS.unpack lst ) parseFile :: BS.ByteString -> Bool -> IO [ BS.ByteString ] parseFile xs revflag | BS.null xs = return [] | otherwise = do let ind =if revflag then hexTodec . BS.reverse . BS.take 4 . BS.drop 8 $ xs else hexTodec . BS.take 4 . BS.drop 8 $ xs print ind let ( x , ys ) = BS.splitAt ( fromIntegral ind ) xs --BS.putStrLn $ x tmp <- parseFile ys revflag return $ x : tmp main = do [ file ] <- getArgs contents <- BS.readFile file let ( a , rest ) = BS.splitAt 24 contents --strip global header let revflag = case BS.unpack $ BS.take 4 a of [ 0xd4 , 0xc3 , 0xb2 , 0xa1 ] -> True _ -> False p <- parseFile rest revflag print $ p !! 0 BS.putStr $ p !! 0 </code></pre> <p><br> Regards <br> Mukesh Tiwari </p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload