[Haskell-cafe] Reading pcap

mukesh tiwari mukeshtiwari.iiitm at gmail.com
Wed Oct 12 17:38:07 CEST 2011

Hello all,
I was going through Wireshark and read this
in Wireshark. I wrote a simple Haskell file which reads the pcap file and
displays its contents; however, it looks completely different from Wireshark.
When I run this program, it does not produce anything, and when I press ^C
(Ctrl-C) it produces output.

output for given file
^C0xd4 0xc3 0xb2 0xa1 0x02 0x00 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0xff 0xff 0x00 0x00 0x01 0x00 0x00 0x00 0x0b 0xd4 0x9e 0x43 0x41
0x38 0x01 0x00 0x3c 0x00 0x00 0x00 0x3c 0x00 0x00 0x00 0x00 0x04 0x76
0xdd 0xbb 0x3a 0x00 0x04 0x75 0xc7 0x87 0x49 0x08 0x00 0x45 0x00 0x00 0x28
0x1a 0x6a 0x40 0x00 0x40 0x88 0x6f 0x71 0x8b 0x85 0xcc 0xb0 0x8b 0x85 0xcc
0xb7 0x80 0x00 0x04 0xd2 0x00 0x00 0x38 0x45 0x68 0x65 0x6c 0x6c 0x6f 0x20
0x77 0x6f 0x72 0x6c 0x64 0x00 0x00 0x00 0x00 0x00 0x00

The values displayed in wireshark
0000  00 04 76 dd bb 3a 00 04  75 c7 87 49 08 00 45 00   ..v..:.. u..I..E.
0010  00 28 1a 6a 40 00 40 88  6f 71 8b 85 cc b0 8b 85   .(.j@.@. oq......
0020  cc b7 80 00 04 d2 00 00  38 45 68 65 6c 6c 6f 20   ........ 8Ehello
0030  77 6f 72 6c 64 0a 00 00  00 00 00 00               world... ....

import Data.Char
import Data.List
import Text.Printf
import Control.Monad
import System.IO   -- Handle, hIsEOF, hGetLine, openBinaryFile, ReadMode

fileReader :: Handle -> IO ()
fileReader h = do
        t <- hIsEOF h
        if t  then return ()
         else do
                tmp <- hGetLine h
                forM_  tmp (  printf "0x%02x " )
        fileReader h

main = do
        l <- openBinaryFile "udp_lite_full_coverage_0.pcap" ReadMode
        fileReader l
        print "end"

I am simply trying to write a Haskell script which produces the same
interpretation of a pcap packet as Wireshark (at least for UDP packets).
Could someone please give me a guide map for how to approach this? A general
guideline for this project, like what to read that could be helpful for it,
which Haskell library to use, or anything else which you think is useful.

Mukesh Tiwari
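
Added example (not part of the original message): a minimal reader for the classic pcap layout using `Data.Binary.Get` from the `binary` package together with `bytestring`. It steps over the 24-byte file header and each 16-byte record header, then prints every frame in Wireshark-style rows. The `sample` bytes are constructed from the two dumps in the post, only the little-endian `d4 c3 b2 a1` magic is handled, and rejecting `incl_len > snaplen` is a choice made for this example.

```haskell
import           Control.Monad        (forM_, when)
import           Data.Binary.Get
import qualified Data.ByteString      as B
import qualified Data.ByteString.Lazy as L
import           Data.List            (unfoldr)
import           Data.Word            (Word32)
import           Text.Printf          (printf)

-- 24-byte global header, then (16-byte record header + frame) until EOF.
pcap :: Get [B.ByteString]
pcap = do
  magic <- getWord32le
  when (magic /= 0xa1b2c3d4) $ fail "unsupported pcap magic"
  skip 12                        -- version major/minor, thiszone, sigfigs
  snaplen <- getWord32le
  skip 4                         -- link type (1 = Ethernet)
  frames snaplen

frames :: Word32 -> Get [B.ByteString]
frames snaplen = do
  done <- isEmpty
  if done then return [] else do
    skip 8                       -- ts_sec, ts_usec
    incl <- getWord32le          -- incl_len: bytes stored in the file
    skip 4                       -- orig_len: length on the wire
    when (incl > snaplen) $ fail "incl_len exceeds snaplen"  -- length is untrusted
    frame <- getByteString (fromIntegral incl)
    (frame :) <$> frames snaplen

-- Split a frame into 16-byte rows, as in Wireshark's hex pane.
rows :: B.ByteString -> [B.ByteString]
rows = unfoldr (\b -> if B.null b then Nothing else Just (B.splitAt 16 b))

-- Constructed sample: headers as printed in the post, frame bytes from the Wireshark dump.
sample :: L.ByteString
sample = L.pack
  [ 0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0
  , 0x0b,0xd4,0x9e,0x43, 0x41,0x38,0x01,0x00, 0x3c,0,0,0, 0x3c,0,0,0
  , 0x00,0x04,0x76,0xdd,0xbb,0x3a,0x00,0x04,0x75,0xc7,0x87,0x49,0x08,0x00,0x45,0x00
  , 0x00,0x28,0x1a,0x6a,0x40,0x00,0x40,0x88,0x6f,0x71,0x8b,0x85,0xcc,0xb0,0x8b,0x85
  , 0xcc,0xb7,0x80,0x00,0x04,0xd2,0x00,0x00,0x38,0x45,0x68,0x65,0x6c,0x6c,0x6f,0x20
  , 0x77,0x6f,0x72,0x6c,0x64,0x0a,0x00,0x00,0x00,0x00,0x00,0x00 ]

main :: IO ()
main = case runGetOrFail pcap sample of
  Left (_, off, err) -> printf "parse error at byte %d: %s\n" off err
  Right (_, _, fs)   -> forM_ fs $ \frame ->
    forM_ (zip [0 :: Int, 16 ..] (rows frame)) $ \(o, r) ->
      putStrLn (printf "%04x  " o ++ concatMap (printf "%02x ") (B.unpack r))
```

To run it on a capture file, replace `sample` with the result of `Data.ByteString.Lazy.readFile`, which keeps every byte; `hGetLine` does not return the newline bytes it splits on, such as the `0a` after "world" in the Wireshark dump.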