Thank you so much Guy and Tomasz, that was exactly what I was looking for.

Best Regards,
Rui
Regards,
Rui Pedro Caldeira

On Wed, Jul 31, 2013 at 11:17 AM, Guy Harris <g...@alum.mit.edu> wrote:

>
> On Jul 31, 2013, at 2:46 AM, Rui Pedro Caldeira <rpcalde...@outlook.com> wrote:
>
> > Hey Tomasz, thanks for the answer. But my main question is how to write
> > the bytes into the pipe so that Wireshark recognizes them as IEEE 802.15.4
> > packets, kinda like a structure that Wireshark is waiting for. I cannot
> > just write the packet into the pipe, Wireshark gives me an error :S
>
> You don't write packets to a pipe on which Wireshark is capturing; you
> write a byte stream that looks either like a pcap file:
>
>     http://www.tcpdump.org/manpages/pcap-savefile.5.html
>
> or looks like a pcap-ng file:
>
>     http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
>
> Those types of file *include* packets, but they include more than just
> packet data.
>
> So:
>
> If you're writing a pcap file, the *first* thing you have to write is a
> pcap file header, including a "link-layer header type" value corresponding
> to the 802.15.4 format you're using (see the LINKTYPE_ values in the
> tcpdump.org page Tomasz mentioned), and then, for each packet, a pcap
> per-packet header followed by the raw packet data.
>
> If you're writing a pcap-ng file, the *first* thing you have to write is a
> Section Header Block:
>
>     http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionshb
>
> followed by an Interface Description Block:
>
>     http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionidb
>
> including a "LinkType" value corresponding to the 802.15.4 format you're
> using (see the LINKTYPE_ values in the tcpdump.org page Tomasz
> mentioned), and then, for each packet, an Enhanced Packet Block:
>
>     http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionepb
>
> or, if you don't have time stamps for the packets, a Simple Packet Block:
>
>     http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionpbs
>
> containing the raw packet data.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
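
Added example, not part of the original thread and not Wireshark project code: a minimal Python writer for the pcap variant described in the quoted reply, emitting the file header once and then a per-packet header plus raw data for each 802.15.4 frame. The function names and the sample acknowledgment frame are constructed for illustration; the LINKTYPE_ numbers are the ones registered on tcpdump.org for 802.15.4 with and without the trailing FCS.

```python
import struct
import sys
import time

# LINKTYPE_ values from the tcpdump.org link-layer header types list.
LINKTYPE_IEEE802_15_4_WITHFCS = 195  # each frame ends with its 2-byte FCS
LINKTYPE_IEEE802_15_4_NOFCS = 230    # FCS already stripped by the capture source

PCAP_MAGIC = 0xA1B2C3D4  # pcap with microsecond time stamps
SNAPLEN = 65535

# Constructed sample: an 802.15.4 acknowledgment frame without FCS
# (frame control 0x0002, sequence number 0x2a).
SAMPLE_ACK = bytes.fromhex("02002a")


def pcap_file_header(linktype, snaplen=SNAPLEN):
    """24-byte header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(frame, ts, snaplen=SNAPLEN):
    """16-byte per-packet header (sec, usec, captured len, original len) + data."""
    sec = int(ts)
    usec = min(int((ts - sec) * 1_000_000), 999_999)
    captured = frame[:snaplen]
    return struct.pack("<IIII", sec, usec, len(captured), len(frame)) + captured


def write_capture(stream, frames, linktype):
    """Write the file header once, then one record per (timestamp, frame) pair."""
    stream.write(pcap_file_header(linktype))
    stream.flush()
    for ts, frame in frames:
        stream.write(pcap_record(frame, ts))
        stream.flush()  # flush per packet so a live reader sees it immediately


if __name__ == "__main__":
    # stdout stands in for the pipe; a named pipe opened with open(path, "wb")
    # is written the same way.
    write_capture(sys.stdout.buffer, [(time.time(), SAMPLE_ACK)],
                  LINKTYPE_IEEE802_15_4_NOFCS)
```

The link type in the file header has to match what the capture source delivers: declaring the WITHFCS type for frames whose FCS was stripped makes the dissector treat the last two payload bytes as a checksum.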