[Haskell-cafe] Reading pcap

Mike Dillon mike at embody.org
Wed Oct 12 17:44:06 CEST 2011 

Did you try using the pcap library on Hackage?

http://hackage.haskell.org/package/pcap

-md

begin mukesh tiwari quotation:
> Hello all
> I was going through wireshark and read this
> pcap<http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=udp_lite_full_coverage_0.pcap>file
> in wireshark. I wrote a simple haskell file which reads the pcap file
> displays its contents however it looks completely different from wireshark.
> When i run this program . it does not produce any thing and when i press ^C
> ( CTRL - C ) it produce output.
> 
> output for given file
> ^C*0xd4 0xc3 0xb2 0xa1 0x02 0x00 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> 0x00 0x00 0xff 0xff 0x00 0x00 0x01 0x00 0x00 0x00 0x0b 0xd4 0x9e 0x43 0x41
> 0x38 0x01 0x00 0x3c 0x00 0x00 0x00 0x3c 0x00 0x00 0x00 *0x00* *0x04 0x76
> 0xdd 0xbb 0x3a 0x00 0x04 0x75 0xc7 0x87 0x49 0x08 0x00 0x45 0x00 0x00 0x28
> 0x1a 0x6a 0x40 0x00 0x40 0x88 0x6f 0x71 0x8b 0x85 0xcc 0xb0 0x8b 0x85 0xcc
> 0xb7 0x80 0x00 0x04 0xd2 0x00 0x00 0x38 0x45 0x68 0x65 0x6c 0x6c 0x6f 0x20
> 0x77 0x6f 0x72 0x6c 0x64 0x00 0x00 0x00 0x00 0x00 0x00
> 
> The values displayed in wireshark
> 0000  00 04 76 dd bb 3a 00 04  75 c7 87 49 08 00 45 00   ..v..:.. u..I..E.
> 0010  00 28 1a 6a 40 00 40 88  6f 71 8b 85 cc b0 8b 85   .(.j at .@. oq......
> 0020  cc b7 80 00 04 d2 00 00  38 45 68 65 6c 6c 6f 20   ........ 8Ehello
> 0030  77 6f 72 6c 64 0a 00 00  00 00 00 00               world... ....
> 
> 
> 
> import Data.Char
> import Data.List
> import Text.Printf
> import Control.Monad
> 
> 
> 
> fileReader :: Handle -> IO ()
> fileReader h = do
>         t <- hIsEOF h
>         if t  then return ()
>          else do
>                 tmp <- hGetLine h
>                 forM_  tmp (  printf "0x%02x " )
>         fileReader h
> 
> main = do
>         l <- openBinaryFile "udp_lite_full_coverage_0.pcap" ReadMode
>         fileReader l
>         print "end"
> 
> I am simply trying to write  a  haskell script which produce interpretation
> of pcap packet same as wireshark ( At least for UDP packet ) . Could some
> one please tell me a guide map to approach for this . A general guide line
> for this project like What to read which  could be helpful for this project
> , which haskell library or any thing which you think is useful .
> 
> Regards
> Mukesh Tiwari

> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe

More information about the Haskell-Cafe mailing list