[Haskell-cafe] Reading pcap

mukesh tiwari mukeshtiwari.iiitm at gmail.com
Thu Oct 13 00:55:51 CEST 2011 

Finally i wrote it using pcap as suggested by Mike

import Network.Pcap
import System.IO
import Control.Monad

callfun f = do
        ( p , q ) <- next f
        print $ hdrSeconds p
        print $ hdrCaptureLength p
        print $ hdrWireLength p
        print q
        when ( hdrWireLength p /= 0 ) $ callfun f

main = do
        f <- openOffline "udp_lite_full_coverage_0.pcap"
        callfun f

Output
[user at haskell Programming]$ ./ReadfilePcap
1134482443
60
60
0x0000000001c7c9a0
0
0
0
0x0000000000000000

How can i convert time return by  hdrSeconds  into same as wireshark
[ Date : Month : Year  hour:min: sec ] and hex data return by variable
q into Ascii characters.

Regards
Mukesh Tiwari

On Oct 12, 11:33 pm, mukesh tiwari <mukeshtiwari.ii... at gmail.com>
wrote:
> Thank you all for your valuable comments.
> @ MD no , i haven't tried but  i am looking forward .
> @ Neil Davis It would be great if you can make this library
> external .
> @ Malcolm  Does this mean that pcap files don't have any EOF file
> character.
>
> One last question
> The values which were not visible in wireshark
> 0xd4 0xc3 0xb2 0xa1 0x02 0x00 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> 0x00 0x00 0xff 0xff 0x00 0x00 0x01 0x00 0x00 0x00 0x0b 0xd4 0x9e 0x43
> 0x41
> 0x38 0x01 0x00 0x3c 0x00 0x00 0x00 0x3c 0x00 0x00 0x00
>
> Are these hex bytes value of this pcap header ?
>   struct pcap_pkthdr {
>                 struct timeval ts;      /* time stamp */
>                 bpf_u_int32 caplen;     /* length of portion present */
>                 bpf_u_int32 len;        /* length this packet (off wire) */
>         };
>
> If yes then how can i deduce ts , caplen and len from these hex
> values.
>
> Regards
> Mukesh Tiwari
> On Oct 12, 8:49 pm, "malcolm.wallace" <malcolm.wall... at me.com> wrote:
>
> > On 12 Oct, 2011,at 04:39 PM, mukesh tiwari <mukeshtiwari.ii... at gmail.com> wrote:
>
> > >  When i run this program . it does not produce any thing and when i press ^C ( CTRL - C ) it produce output.
>
> > This is because you use hGetLine, which blocks until it sees either a newline character, or EOF.
>
> > Regards,
> >     Malcolm
>
> > _______________________________________________
> > Haskell-Cafe mailing list
> > Haskell-C... at haskell.orghttp://www.haskell.org/mailman/listinfo/haskell-cafe
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-C... at haskell.orghttp://www.haskell.org/mailman/listinfo/haskell-cafe

More information about the Haskell-Cafe mailing list