THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 1
SYN-bit's avatar
18.5k
SYN-bit
answered 2019-07-19 10:12:12 +0000

In order for Wireshark to be able to read your packets, they need to be stored in one of the file formats Wireshark understands. The oldest and simplest format Wireshark can read is the pcap format, as outlined on https://wiki.wireshark.org/Development/LibpcapFileFormat.

Simply put, you need to have the following elements:

  1. A pcap file header
  2. Per packet:
    1. A pcap packet header
    2. The raw packet data

You can also use the newer and more versatile pcapng format as described on https://github.com/pcapng/pcapng