How to create PCAP file like the sample PPP PCAP file

Jul 29, 2012 at 4:23 PM

I am trying to find a way to create a PCAP file like the sample PPP PCAP file on the web: wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=ppp_lcp_ipcp.pcap

Can I create such a PCAP file using DotNetPcap?



Coordinator
Aug 3, 2012 at 12:20 PM
Edited Aug 4, 2012 at 9:09 PM

Hi acui01,

 

Yes, you can create this pcap file using Pcap.Net.

However, since PPP isn't yet supported in Pcap.Net, the code is not so straightforward.

Here is sample code to create this pcap file:

 

Packet packet = new Packet(new byte[] { 0x00, 0x41, 0x54, 0x44, 0x23, 0x37, 0x37, 0x37, 0x0d }, DateTime.Now, new PcapDataLink(204));
PacketDumpFile.Dump(filename, new PcapDataLink(204), 8, new[] { packet });


 

In the next version of Pcap.Net, you'll be able to use DataLinkKind.PppWithDirection instead of PcapDataLink(204).

 

I hope this helps,

Boaz.

Aug 4, 2012 at 8:59 PM

Hi Boaz,

 

Appreciate your reply to my post.

I tried your sample and it worked. It is what I wanted. It is great!

Can you please kindly let me know the following:

1). I was trying to write two lines to the same file. I duplicated your two lines, but only one line was added to the pcap. Please explain how to resolve this problem.

2). I was trying to write the packet to a Wireshark pipe. So I need to convert the packet to pcap packet. Please let me know how to do this?

 

Thank you!

Austin

Coordinator
Aug 4, 2012 at 9:10 PM

Hi Austin,

 

Just create two packet instances and Dump() them together:

 

Packet packet1 = new Packet(new byte[] { 0x00, 0x41, 0x54, 0x44, 0x23, 0x37, 0x37, 0x37, 0x0d }, DateTime.Now, new PcapDataLink(204));
Packet packet2 = new Packet(new byte[] { 0x00, 0x41, 0x54, 0x44, 0x23, 0x37, 0x37, 0x37, 0x0d }, DateTime.Now, new PcapDataLink(204));
PacketDumpFile.Dump(filename, new PcapDataLink(204), 8, new[] { packet1, packet2 });

 

Boaz.

Aug 5, 2012 at 1:39 PM

Hi Boaz,

Thank you for the reply. Is there a way to open the dump file first and then add on the packets as they are available?

Coordinator
Aug 10, 2012 at 6:45 AM

You can create a method that returns IEnumerable<Packet>, which returns the packets you want to dump by "yield return".

Then you can call PacketDumpFile.Dump() with the return value of this method and each packet will be written when it's available.

I hope this helps,

Boaz.
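
The "yield return" approach from the last reply, as an added example that is not part of the original posts: an iterator feeds PacketDumpFile.Dump() from a queue, so packets can be written as they become available. The queue, the class and method names, the output path and the snapshot length of 65536 are assumptions made for illustration; the Packet and Dump() calls are used as in the posts above.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Threading.Tasks;
using PcapDotNet.Core;     // PacketDumpFile, PcapDataLink
using PcapDotNet.Packets;  // Packet

class StreamingPppDump
{
    // 204 is the data link value used in the posts above.
    static readonly PcapDataLink PppLink = new PcapDataLink(204);

    // Hypothetical queue: the producer adds raw frames here as they arrive.
    static readonly BlockingCollection<byte[]> Frames = new BlockingCollection<byte[]>();

    // Iterator handed to Dump(): blocks until a frame is queued, wraps it in a
    // Packet and yields it; ends once the producer calls CompleteAdding().
    static IEnumerable<Packet> PacketsAsAvailable()
    {
        foreach (byte[] frame in Frames.GetConsumingEnumerable())
            yield return new Packet(frame, DateTime.Now, PppLink);
    }

    static void Main(string[] args)
    {
        // Assumed output path when none is given on the command line.
        string filename = args.Length > 0 ? args[0] : "ppp_stream.pcap";

        // Dump() runs on a worker task and consumes the iterator.
        // 65536 is an assumed snapshot length (the posts above pass 8).
        Task writer = Task.Factory.StartNew(() =>
            PacketDumpFile.Dump(filename, PppLink, 65536, PacketsAsAvailable()));

        // Constructed sample frame (same bytes as in the posts above), queued twice.
        byte[] sample = { 0x00, 0x41, 0x54, 0x44, 0x23, 0x37, 0x37, 0x37, 0x0d };
        Frames.Add(sample);
        Frames.Add((byte[])sample.Clone());

        Frames.CompleteAdding(); // no more frames: the iterator ends, Dump() returns
        writer.Wait();           // surface any write error before exiting
    }
}
```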