<span class="Apple-style-span" style="font-family: fixed-width, monospace; font-size: 13px; background-color: rgb(255, 255, 255); ">Hello everyone <br>I am writing an application which reads pcap files like Wireshark in pure Haskell, but there is something missing. I read this file <a target="_blank" rel="nofollow" href="http://www.google.com/url?sa=D&q=http://www.viste.com/Linux/Server/WireShark/libpcapformat.pdf&usg=AFQjCNFGc3iahpvawk5KhrVxQzqC2grFJQ" style="color: rgb(0, 0, 204); ">http://www.viste.com/Linux/Server/WireShark/libpcapformat.pdf</a> <br>
and it says that the first 24 bytes are global headers, and after that every packet contains a pcap local header and data. What I am trying to do is first get the bytes of data in each packet by reading the third <br>
field, incl_len, in the local header, but my code is not behaving as it is supposed to. I am not getting the list of parsed packets. My test libpcap file is <br><a target="_blank" rel="nofollow" href="http://www.google.com/url?sa=D&q=http://wiki.wireshark.org/SampleCaptures%3Faction%3DAttachFile%26do%3Dview%26target%3Dudp_lite_normal_coverage_8-20.pcap&usg=AFQjCNHAd7QbbHa6l55Fwc4MrbbCraMLAQ" style="color: rgb(0, 0, 204); ">http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&ta...</a> <br>
<p>--<a target="_blank" rel="nofollow" href="http://www.google.com/url?sa=D&q=http://www.viste.com/Linux/Server/WireShark/libpcapformat.pdf&usg=AFQjCNFGc3iahpvawk5KhrVxQzqC2grFJQ" style="color: rgb(0, 0, 204); ">http://www.viste.com/Linux/Server/WireShark/libpcapformat.pdf</a> <br>
--<a target="_blank" rel="nofollow" href="http://www.google.com/url?sa=D&q=http://hackage.haskell.org/packages/archive/bytestring/0.9.0.4/doc/&usg=AFQjCNFQJPNdbFIyyTOW8Bb7N9FLj9lsWw" style="color: rgb(0, 0, 204); ">http://hackage.haskell.org/packages/archive/bytestring/0.9.0.4/doc/</a> <br>
html/Data-ByteString-Lazy.html <br>import Data.List <br>import qualified Data.ByteString.Lazy as BS <br>import qualified Data.ByteString.Lazy.Char8 as B <br>import Control.Monad <br>import Text.Printf <br>import Data.Word <br>
import Data.Char <br>import System.Time <br>import Numeric <br>import System.Environment <br></p><p>hexTodec :: BS.ByteString -> Integer <br>hexTodec lst = read $ "0x" ++ ( concatMap ( \x -> showHex x "" ) <br>
$ BS.unpack lst ) <br></p><p>parseFile :: BS.ByteString -> Bool -> IO [ BS.ByteString ] <br>parseFile xs revflag <br> | BS.null xs = return [] <br> | otherwise = do <br> let ind =if revflag then hexTodec . BS.reverse . BS.take 4 . <br>
BS.drop 8 $ xs <br> else hexTodec . BS.take 4 . BS.drop 8 $ xs <br> print ind <br> let ( x , ys ) = BS.splitAt ( fromIntegral ind ) xs <br> --BS.putStrLn $ x <br> tmp <- parseFile ys revflag <br>
return $ x : tmp <br></p><p>main = do <br> [ file ] <- getArgs <br> contents <- BS.readFile file <br> let ( a , rest ) = BS.splitAt 24 contents --strip global header <br></p><p> let revflag = case BS.unpack $ BS.take 4 a of <br>
[ 0xd4 , 0xc3 , 0xb2 , 0xa1 ] -> True <br> _ -> False <br> p <- parseFile rest revflag <br> print $ p !! 0 <br> BS.putStr $ p !! 0 <br></p>
<p>Regards <br>Mukesh Tiwari </p></span>
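<p>An added example, not part of the original post: a bounds-checked reader for the layout described above (24-byte global header, then for each packet a 16-byte local header whose third field is incl_len, followed by incl_len bytes of data). The names Endian, word32, records and parsePcap, the maxPacket cap and the sample bytes are assumptions constructed for illustration.</p>

```haskell
import qualified Data.ByteString.Lazy as BS
import Data.Bits (shiftL, (.|.))
import Data.Word (Word32)

data Endian = LE | BE deriving (Eq, Show)
-- Assumed sanity cap on incl_len for this example, in bytes.
maxPacket :: Word32
maxPacket = 262144

-- Decode the first 4 bytes as an unsigned 32-bit value in the given order.
word32 :: Endian -> BS.ByteString -> Word32
word32 e bs = foldl (\acc b -> (acc `shiftL` 8) .|. fromIntegral b) 0 ordered
  where ordered = (if e == LE then reverse else id) (BS.unpack (BS.take 4 bs))

-- The magic 0xa1b2c3d4 as stored on disk gives the writer's byte order.
detectEndian :: BS.ByteString -> Either String Endian
detectEndian hdr = case BS.unpack (BS.take 4 hdr) of
  [0xd4, 0xc3, 0xb2, 0xa1] -> Right LE
  [0xa1, 0xb2, 0xc3, 0xd4] -> Right BE
  _                        -> Left "bad magic: not a classic pcap file"

-- Each record: 16-byte header (ts_sec, ts_usec, incl_len, orig_len), then
-- incl_len bytes of packet data. Every length is checked before it is used.
records :: Endian -> BS.ByteString -> Either String [BS.ByteString]
records e bs
  | BS.null bs                           = Right []
  | BS.length bs < 16                    = Left "truncated record header"
  | inclLen > maxPacket                  = Left ("implausible incl_len " ++ show inclLen)
  | BS.length pkt < fromIntegral inclLen = Left "truncated packet data"
  | otherwise                            = (pkt :) <$> records e rest
  where
    inclLen     = word32 e (BS.drop 8 bs)
    (pkt, rest) = BS.splitAt (fromIntegral inclLen) (BS.drop 16 bs)

parsePcap :: BS.ByteString -> Either String [BS.ByteString]
parsePcap file
  | BS.length file < 24 = Left "truncated global header"
  | otherwise           = detectEndian file >>= \e -> records e (BS.drop 24 file)

-- Constructed sample: little-endian global header plus two small records.
sample :: BS.ByteString
sample = BS.pack (global ++ record [0xde, 0xad, 0xbe] ++ record [0x05])
  where
    global   = [0xd4,0xc3,0xb2,0xa1, 2,0, 4,0] ++ replicate 8 0 ++ [0xff,0xff,0,0, 1,0,0,0]
    record p = replicate 8 0 ++ len p ++ len p ++ p
    len p    = [fromIntegral (length p), 0, 0, 0]

main = do
  print (map BS.unpack <$> parsePcap sample)  -- well-formed file
  print (parsePcap (BS.take 59 sample))       -- file cut short inside the last packet
```

<p>Returning Either instead of a bare list means a capture that is cut short or carries an oversized incl_len yields an error message rather than a silently shortened or misaligned packet list.</p>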