
I found that in the Wireshark GUI there is an Info field describing the connection info, such as HTTP GET or who has x.x.x.x. Just wondering if Wireshark will store the Info field in the pcap dump file?

I am trying to parse the pcap with the dpkt Python module. I don't know how I should retrieve this Info field. Thanks for any suggestions.


1 Answer


> Just wondering if wireshark will store the info field into pcap dump file?

No, it generates that field - and everything else in the packet summary and packet details pane - by parsing the raw packet data in the pcap dump file.

If you want the same information that Wireshark generates, you'll have to parse the packet yourself and generate it yourself.
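An added example, not part of the original answer and not Wireshark's or dpkt's code: a sketch of rebuilding an Info-style summary from the raw bytes in a classic pcap file, for the two cases the question mentions (ARP "who has" and an HTTP request line). It uses only the standard library `struct` module instead of dpkt; the function names `read_pcap`, `info` and `sample_pcap` are assumptions, and the capture bytes are constructed inline.

```python
import socket
import struct

def read_pcap(blob):
    """Yield raw frames from a classic (non-pcapng) Ethernet pcap byte string."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if order is None or struct.unpack(order + "I", blob[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    off = 24  # records start after the 24-byte global header
    while off + 16 <= len(blob):
        incl_len = struct.unpack(order + "I", blob[off + 8:off + 12])[0]
        yield blob[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def info(frame):
    """Rebuild an Info-style summary from raw frame bytes, as a dissector would."""
    if len(frame) < 14:
        return "Truncated frame"
    ethertype, pkt = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if ethertype == 0x0806 and len(pkt) >= 28:  # ARP over Ethernet/IPv4
        spa, tpa = socket.inet_ntoa(pkt[14:18]), socket.inet_ntoa(pkt[24:28])
        if struct.unpack("!H", pkt[6:8])[0] == 1:  # opcode 1 = request
            return f"Who has {tpa}? Tell {spa}"
        return f"{spa} is at {pkt[8:14].hex(':')}"
    if ethertype == 0x0800 and len(pkt) >= 20 and pkt[9] == 6:  # IPv4 + TCP
        # Trim Ethernet padding using IP total length (0 means keep everything)
        pkt = pkt[:struct.unpack("!H", pkt[2:4])[0] or None]
        tcp = pkt[(pkt[0] & 0x0F) * 4:]
        if len(tcp) < 20:
            return "Truncated TCP segment"
        data = tcp[(tcp[12] >> 4) * 4:]  # skip TCP header (data offset field)
        line = data.split(b"\r\n", 1)[0]
        if line.split(b" ")[0] in (b"GET", b"POST", b"HEAD") and b" HTTP/1." in line:
            return line.decode("ascii", "replace")
        return "%d > %d Len=%d" % (*struct.unpack("!HH", tcp[:4]), len(data))
    return f"Unhandled ethertype 0x{ethertype:04x}"

def sample_pcap():
    """Constructed sample capture: one ARP request and one HTTP GET segment."""
    mac, ip_a, ip_b = bytes.fromhex("020000000001"), bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + mac + ip_a + bytes(6) + ip_b
    http = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + http
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + ip_a + ip_b
    frames = [b"\xff" * 6 + mac + b"\x08\x06" + arp, b"\x02" * 6 + mac + b"\x08\x00" + ip + tcp]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    print(*map(info, read_pcap(sample_pcap())), sep="\n")
```

With dpkt, the same `info` function can be fed the `buf` values yielded by iterating `dpkt.pcap.Reader`, since those are the raw frame bytes.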