On Jan 24, 2023, at 12:37 AM, DIETZ Alexander <alexander.dietz-...@hexagon.com> 
wrote:

> I am very new to Wireshark and the pcapng data format used to save Wireshark 
> recorded data. I want to read that data with Python using the “pyshark” 
> module, but I cannot find proper documentation on the data format(s). The 
> only “extended” documentation I could find is here
>  
> http://kiminewt.github.io/pyshark/
> 
> which I would not consider as extended at all, as the documentation on the 
> data format seems to be missing?
> 
> Is there some other place where the formats of the packages, the layers etc. 
> are described in more detail?

Pcapng files, like pcap files, Sniffer files, Network Monitor files, etc., are 
sequences of one or more records, in a particular format.  Packet records 
contain metadata such as packet lengths and time stamps, as well as a blob of 
raw data.

The blob of raw data may contain additional metadata, followed by raw packet 
data.

Do you want the format of the records in those files described, do you want the 
format of the raw data blobs described, or both?

From "the formats of the packages, the layers etc." it sounds as if you want 
the format of the raw data blobs described.  For example, if the packets are 
Ethernet packets, they begin with a 14-byte Ethernet header; if the type/length 
field in the Ethernet header has a type value rather than a length value, the 
type value indicates the type of packet that follows the 14-byte header.  A 
value of 0x0800, for example, means that the packet is an IPv4 packet, which 
begins with a header as described by RFC 791, and so on.
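
The layering described in the reply above, as an added example that is not part of the original message: it splits the 14-byte Ethernet header off a raw data blob, decides whether the type/length field is a type or a length, and decodes the IPv4 header only when the type is 0x0800. The function names and the sample frame are constructed for illustration; the 0x0600 type/length boundary comes from IEEE 802.3, not from the message.

```python
import ipaddress
import struct

ETHERTYPE_MIN = 0x0600    # IEEE 802.3: >= 0x0600 is a type, <= 1500 is a length
ETHERTYPE_IPV4 = 0x0800

def parse_ethernet(frame: bytes) -> dict:
    """Split the 14-byte Ethernet header from whatever follows it."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, type_len = struct.unpack("!6s6sH", frame[:14])
    return {"dst": dst.hex(":"), "src": src.hex(":"), "type_len": type_len,
            "is_type": type_len >= ETHERTYPE_MIN, "payload": frame[14:]}

def parse_ipv4(data: bytes) -> dict:
    """Decode the fixed 20 bytes of an IPv4 header (RFC 791); checksum not verified."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or not 20 <= header_len <= len(data):
        raise ValueError("not a usable IPv4 header")
    return {"header_len": header_len, "total_len": total_len, "ttl": ttl,
            "protocol": proto,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            # total_len trims any Ethernet padding after the datagram
            "payload": data[header_len:total_len]}

def dissect(frame: bytes) -> dict:
    """Walk the layers: Ethernet first, then IPv4 only if the type field says so."""
    eth = parse_ethernet(frame)
    if eth["is_type"] and eth["type_len"] == ETHERTYPE_IPV4:
        eth["ipv4"] = parse_ipv4(eth["payload"])
    return eth

# Constructed sample frame (not from a real capture); RFC 5737 documentation addresses.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"      # dst MAC, src MAC, type = IPv4
    "45000020" "00010000" "40110000"          # ver/IHL, len 32, id, TTL 64, proto 17
    "c0000201" "c6336402"                     # 192.0.2.1 -> 198.51.100.2
    "00350035000c0000" "deadbeef"             # 12 bytes of IPv4 payload
)

if __name__ == "__main__":
    print(dissect(SAMPLE_FRAME))
```
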
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>