Dumping ethereal capture files to ASCII text?

[brikis98]

For a java project i'm working on, I need to be able to take a raw (binary) ethereal capture file (.cap), which is written in libpcap format, and convert the info inside of it to ASCII text so it is human readable. the catch is that I want to be able to do it with as few external dependencies as possible.

I would hazard a guess that writing a parser of my own to handle the raw data would be tricky (correct me if i'm wrong), so I'm ok if I need to include a .jar file or something i can easily package into my project's .jar. what i'm trying to avoid is having to search the registry or environment variables and relying on some particular programs (such as tethereal or tcpdump) to be installed.

any suggestions are appreciated

 

[Kadarin]

Ethereal has an export function (file -> export). However, there was a bug that prevented it from working correctly. I'm not sure if it was fixed.

 

[Pwnbroker]

Not the answer he was looking for. We actually made our own parser in C++ class, and it was pretty simple really. Basically, all you have to do is pull 1 byte at a time into a char, check it against the ascii equivalent and filter out what you don't want. Our teacher had a network log of a chat program, and we had to convert it to human language, and it was cool as hell to do that.

I'm not sure how you would do it in Java since Java enforces data types.

 

[brikis98]

Originally posted by: Pwnbroker
Not the answer he was looking for. We actually made our own parser in C++ class, and it was pretty simple really. Basically, all you have to do is pull 1 byte at a time into a char, check it against the ascii equivalent and filter out what you don't want. Our teacher had a network log of a chat program, and we had to convert it to human language, and it was cool as hell to do that.

I'm not sure how you would do it in Java since Java enforces data types.

yeah, this was the kind of thing i was looking for... i know full well that ethereal, tethereal and a bunch of other software can convert the raw capture files into ASCII, but as i said before, i don't want this project to have outside dependencies.

so either i code it myself, or i add some 3rd party jar that can do this for me... more details on either solution are appreciated

 

[Pwnbroker]

When I get home, I'll see if I still have the source code from my project. C++ should be close enough to Java to be usable with minimal modification. If nothing else, you could use it for reference only.

 

[brikis98]

Originally posted by: Pwnbroker
When I get home, I'll see if I still have the source code from my project. C++ should be close enough to Java to be usable with minimal modification. If nothing else, you could use it for reference only.

that would be awesome, thanks.

 

[Nothinman]

Aren't there libpcap bindings for Java? One would imagine that would save you a lot of guesswork and having to parse the file yourself.

 

[brikis98]

bump

 

[brikis98]

bump

 

[Pwnbroker]

Sorry man, I forgot. I'll do that first thing in the morning. The files are at home and I'm at work.

 

[Pwnbroker]

File I/O

This is the complete folder of my project. The file that was used is also there, but you can edit the source and replace it's reference with whatever file you want to use and recompile it if you want.

Edit: I removed the dump file, as it may contain security sensitive information

 

[brikis98]

Originally posted by: Pwnbroker
File I/O

This is the complete folder of my project. The file that was used is also there, but you can edit the source and replace it's reference with whatever file you want to use and recompile it if you want.

Edit: I removed the dump file, as it may contain security sensitive information

thanks! i'll check it out...