Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, May 7, 2020 1:55 PM
Hello All,
I have the requirement to read PCAP file using C#, filter some of the data which is not required and convert the data into CSV file. Can anyone help on this?
Best Regards,
Hari
click "Proposed As Answer by" if this post solves your problem or "Vote As Helpful" if a post has been useful to you Happy Programming! Hari
All replies (4)
Thursday, May 7, 2020 2:25 PM
What exactly are you looking for? Do you have code that isn't working? Have you googled for libraries that can do this (say in Nuget) and haven't found any? We cannot write the code for you so we don't understand exactly what you need help with. Also a quick google of PCAP reveals several different acronyms so clarify exactly what file you're talking about. The only references I can find are around packet dumps, references to no longer being maintained or supported or 404s.
Michael Taylor http://www.michaeltaylorp3.net
Thursday, May 7, 2020 2:27 PM
Hello,
First off this is not an answer.
The structure of the files is indeed complex, for an idea see the following which is not an answer.
https://www.codeproject.com/Articles/12458/SharpPcap-A-Packet-Capture-Framework-for-NET
Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
NuGet BaseConnectionLibrary for database connections.
StackOverFlow
Friday, May 8, 2020 5:35 AM
Thanks for reply.
Basically I need to read the PCAP file which is created by wireshark and parse the data and convert it to CSV.
I don't have any code now. Please recommend any third party dlls.
Best Regards,
Hari
click "Proposed As Answer by" if this post solves your problem or "Vote As Helpful" if a post has been useful to you Happy Programming! Hari
Friday, May 8, 2020 1:07 PM
Here's their list of libraries for the older libpcap format. I've not looked at the format but they explicitly state it is easy to read so you'll probably just need to write it yourself. You could probably use WinPCap and P/Invoke. Here's somebodies C# wrapper around it.
https://github.com/PcapDotNet/Pcap.Net
https://formats.kaitai.io/pcap/csharp.html
There is also a recommendation on SharpPCap but that gives as 404.
The documentation also mentions that the newer format isn't supported there. It also doesn't seem like it is done. For this newer format there are currently no libraries so you'd have to write your own.
Michael Taylor http://www.michaeltaylorp3.net