PCAP Interpretation

Hello,

I have a PCAP file, when opened using Wireshark it shows (in info) column a particular packet is for "Attach Request" and the other one for "Attach Accept". I exported this file in Json and trying to visually figure out which element gives this information to wireshark. I was unable to find it. Hence, my question, on what basis Wireshark gives a very useful information about the packet in "info" column, Which section of packet provides this information?

I need to do this as I am reading PCAP in java and intend to interpret this information for validation. Can you help please?

Thanks Nitin

Which section of packet provides this information?

That depends on the protocol.

I need to do this as I am reading PCAP in java and intend to interpret this information for validation.

You should find a specification for the protocol that includes those attach requests and responses, and read that.

19.9k

Guy Harris

answered 2023-11-15 19:46:50 +0000

edit flag offensive 0 remove flag delete link

Comments

Thank you . I am new to the PCAP and protocols. Essentially I am trying to design a PCAP analyser for my specific needs. I see in wreshark there is an info coloumn, that gives information about "Attach Reqest/Response" etc. I created Json of the same file and was trying to figure out from Json which one translates to "Attach Request" , could not make out. May be answer lies in your response, I need to understand protocols better.

Nitin (2023-11-17 11:41:25 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

PCAP Interpretation edit

Comments

1 Answer

Comments