Re: [Haskell-cafe] Reading pcap

Wed, 12 Oct 2011 08:48:43 -0700 

Its the byte ordering being different between the pcap file and the machine on 
which the haskell is running


On 12 Oct 2011, at 16:38, mukesh tiwari wrote:

> Hello all 
> I was going through wireshark and read this pcap file in wireshark. I wrote a 
> simple haskell file which reads the pcap file displays its contents however 
> it looks completely different from wireshark. When i run this program . it 
> does not produce any thing and when i press ^C ( CTRL - C ) it produce 
> output. 
> 
> output for given file 
> ^C0xd4 0xc3 0xb2 0xa1 0x02 0x00 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
> 0x00 0xff 0xff 0x00 0x00 0x01 0x00 0x00 0x00 0x0b 0xd4 0x9e 0x43 0x41 0x38 
> 0x01 0x00 0x3c 0x00 0x00 0x00 0x3c 0x00 0x00 0x00 0x00 0x04 0x76 0xdd 0xbb 
> 0x3a 0x00 0x04 0x75 0xc7 0x87 0x49 0x08 0x00 0x45 0x00 0x00 0x28 0x1a 0x6a 
> 0x40 0x00 0x40 0x88 0x6f 0x71 0x8b 0x85 0xcc 0xb0 0x8b 0x85 0xcc 0xb7 0x80 
> 0x00 0x04 0xd2 0x00 0x00 0x38 0x45 0x68 0x65 0x6c 0x6c 0x6f 0x20 0x77 0x6f 
> 0x72 0x6c 0x64 0x00 0x00 0x00 0x00 0x00 0x00 
> 
> The values displayed in wireshark 
> 0000  00 04 76 dd bb 3a 00 04  75 c7 87 49 08 00 45 00   ..v..:.. u..I..E.
> 0010  00 28 1a 6a 40 00 40 88  6f 71 8b 85 cc b0 8b 85   .(.j@.@. oq......
> 0020  cc b7 80 00 04 d2 00 00  38 45 68 65 6c 6c 6f 20   ........ 8Ehello 
> 0030  77 6f 72 6c 64 0a 00 00  00 00 00 00               world... ....    
> 
> 
> 
> import Data.Char
> import Data.List
> import Text.Printf
> import Control.Monad
> 
> 
> 
> fileReader :: Handle -> IO ()
> fileReader h = do
>         t <- hIsEOF h
>         if t  then return ()
>          else do
>                 tmp <- hGetLine h
>                 forM_  tmp (  printf "0x%02x " )         
>         fileReader h    
> 
> main = do 
>         l <- openBinaryFile "udp_lite_full_coverage_0.pcap" ReadMode
>         fileReader l 
>         print "end"
> 
> I am simply trying to write  a  haskell script which produce interpretation 
> of pcap packet same as wireshark ( At least for UDP packet ) . Could some one 
> please tell me a guide map to approach for this . A general guide line for 
> this project like What to read which  could be helpful for this project , 
> which haskell library or any thing which you think is useful . 
> 
> Regards 
> Mukesh Tiwari
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Reply via email to