This article covers using Wireshark's TCAP dissector inside my own program.

Problem description

I'm working on an SS7 project and reached a point where I need to create my TCAP dissector/parser, so I was wondering about using Wireshark dev files inside my source.

Is that possible? If yes, how can I do it? Is there any tutorial available?

Recommended answer

http://www.tcpdump.org/ has all needed information.

You'll need to use libpcap as described here: http://www.tcpdump.org/pcap3_man.html

I guess pcap_open_offline is a good start; you can then use the related functions to get the structured data contained in the dump file. Using the same library, you could also capture directly from your application.

On a related note, Wireshark and tshark allow exporting a pcap file to XML; you could also use this format instead of the binary pcap if you'd like to.
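
An added example, not part of the original answer and not libpcap code: a minimal reader for the classic little-endian pcap file layout that pcap_open_offline consumes, checking every length field against the remaining bytes before a payload reaches a parser. `walk_pcap`, `count_bytes` and the sample bytes are hypothetical and constructed for illustration; big-endian, nanosecond-timestamp and pcapng files are not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCAP_MAGIC    0xa1b2c3d4u /* classic pcap, microsecond timestamps */
#define LINKTYPE_MTP3 141u        /* SS7 MTP3 link type (tcpdump.org registry) */

typedef void (*pkt_cb)(const uint8_t *data, uint32_t caplen, void *user);

/* Read a 32-bit little-endian field without alignment assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk every record; return the packet count, or -1 if the file is malformed. */
int walk_pcap(const uint8_t *buf, size_t len, uint32_t *linktype, pkt_cb cb, void *user) {
    if (len < 24 || rd32(buf) != PCAP_MAGIC) return -1;
    *linktype = rd32(buf + 20);            /* link-layer type field of the file header */
    size_t off = 24; int n = 0;
    while (off < len) {
        if (len - off < 16) return -1;     /* truncated record header */
        uint32_t caplen = rd32(buf + off + 8);
        off += 16;
        if (caplen > len - off) return -1; /* length field points past the data */
        if (cb) cb(buf + off, caplen, user);
        off += caplen; n++;
    }
    return n;
}

/* Hypothetical callback: a real TCAP parser would decode the payload here. */
void count_bytes(const uint8_t *data, uint32_t caplen, void *user) {
    (void)data;
    *(size_t *)user += caplen;
}

/* Constructed sample: file header plus two records with placeholder payloads. */
const uint8_t SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 141,0,0,0,
    1,0,0,0, 0,0,0,0, 5,0,0,0, 5,0,0,0, 0x83,0x01,0x02,0x03,0x04,
    2,0,0,0, 0,0,0,0, 3,0,0,0, 3,0,0,0, 0x83,0x0a,0x0b,
};

int main(void) {
    uint32_t lt = 0; size_t total = 0;
    int n = walk_pcap(SAMPLE, sizeof SAMPLE, &lt, count_bytes, &total);
    printf("packets=%d linktype=%u bytes=%zu\n", n, lt, total);
    return !(n == 2 && lt == LINKTYPE_MTP3);
}
```

The callback only sees payloads whose captured length fits inside the buffer, so a file with a corrupted or hostile length field is rejected at the record where the damage is found.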

07-03 15:14