I want to get the information I have in Wireshark (the GUI): for each packet, its layers with all fields and their hexadecimal values. I want to transform each packet into a JSON with this structure:
{
    "pcap_file": pcap_file,
    "number": packet number (the first column in the Wireshark GUI),
    "sniff_time": sniff time,
    "layers": {
        layer_name: {
            field_name: field's raw value,
            .......
        },
        ......
    }
}
I tried for a few hours to do it with the pyshark library in Python. I almost got it done, but the thing is that sometimes I don't have some information about the last layer.
For example, for an LDAP packet with two fields in the LDAP layer, "SASL Buffer Length" and "SASL Buffer", I had only the "SASL Buffer". So for this example I could build "SASL Buffer" by taking the layer's raw data and subtracting "SASL Buffer Length"'s raw data. But with a lot of other examples with more missing fields, I couldn't, because this library doesn't provide the order of fields.
So I'm wondering if there is a way to have all this information (all fields, with their order and their raw values, for each layer) as we have in the GUI.
I saw there are maybe these ways:
- Write a C++ program that uses tshark with the JSON option
- Write a Lua script to dissect packets
But honestly I'm pretty lost; in all the documentation/answers I read, I don't see a way to get raw values as I want and as I have in the GUI.
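Added example, not part of the question above: one way to get exactly this structure is to let tshark (the command-line companion of the GUI, which runs the same dissectors) emit its JSON with raw bytes, e.g. `tshark -r capture.pcap -T json -x > capture.json`, and then reshape that output. With `-x`, every dissected field gets a sibling `<field>_raw` entry and every layer a `<layer>_raw` entry; the keys appear in dissection order, which Python's `json` module preserves, so the field order is recovered as well. The script below reshapes such a record into the asked-for structure. The tshark record embedded in it is constructed by hand to mirror the real format (newer tshark versions emit raw entries as `[hex, offset, length, bitmask, type]`, older ones as a plain hex string; both are handled), and the pcap name is a placeholder.

```python
import json

# Constructed sample in the shape of `tshark -r capture.pcap -T json -x` output
# (hand-written for this example, not a real capture).  Key order matters: it
# is the dissection order and is preserved by json.loads().
SAMPLE_TSHARK_JSON = r'''
[
  {
    "_index": "packets-2024-01-01",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame_raw": ["0011223344550066778899aa080045000028", 0, 18, 0, 1],
        "frame": {
          "frame.number": "7",
          "frame.time": "Jan  1, 2024 12:00:00.000000000 UTC",
          "frame.len": "18"
        },
        "eth_raw": ["0011223344550066778899aa0800", 0, 14, 0, 1],
        "eth": {
          "eth.dst_raw": ["001122334455", 0, 6, 0, 29],
          "eth.dst": "00:11:22:33:44:55",
          "eth.src_raw": ["0066778899aa", 6, 6, 0, 29],
          "eth.src": "00:66:77:88:99:aa",
          "eth.type_raw": ["0800", 12, 2, 0, 5],
          "eth.type": "0x0800"
        },
        "ip_raw": ["45000028", 14, 4, 0, 1],
        "ip": {
          "ip.version_raw": ["4", 14, 1, 240, 26],
          "ip.version": "4",
          "ip.hdr_len_raw": ["5", 14, 1, 15, 26],
          "ip.hdr_len": "20",
          "ip.dsfield_raw": ["00", 15, 1, 0, 26],
          "ip.dsfield": "0x00",
          "ip.dsfield_tree": {
            "ip.dsfield.dscp_raw": ["0", 15, 1, 252, 26],
            "ip.dsfield.dscp": "0"
          },
          "ip.len_raw": ["0028", 16, 2, 0, 5],
          "ip.len": "40"
        }
      }
    }
  }
]
'''


def raw_hex(value):
    """Return the hex string of a `*_raw` entry.  Newer tshark versions emit
    [hex, byte_offset, length, bitmask, ftype]; older ones emit the hex string
    directly.  For bit fields the hex is the masked value, not the whole byte."""
    if isinstance(value, list):
        return value[0]
    return value


def flatten_fields(node, out):
    """Walk one dissected layer in document order and record each field's raw
    hex value in `out`.  `*_tree` sub-dicts are descended into so nested fields
    keep their position right after their parent field."""
    for key, value in node.items():
        if key.endswith("_raw"):
            out[key[: -len("_raw")]] = raw_hex(value)
        elif isinstance(value, dict):
            flatten_fields(value, out)
        elif key not in out:
            # A field with no `_raw` sibling is generated by the dissector
            # (frame.number, frame.len, ...): it has no bytes on the wire, so
            # it is kept in its place with None rather than a display string.
            out[key] = None


def tshark_json_to_records(pcap_file, tshark_json_text):
    """Convert tshark `-T json -x` output into the per-packet structure
    {pcap_file, number, sniff_time, layers: {layer: {field: raw_hex}}}."""
    records = []
    for pkt in json.loads(tshark_json_text):
        layers_in = pkt["_source"]["layers"]
        frame = layers_in.get("frame", {})
        layers_out = {}
        for layer_name, layer in layers_in.items():
            if layer_name.endswith("_raw") or not isinstance(layer, dict):
                continue  # whole-layer hex dump, not a dissected layer
            fields = {}
            flatten_fields(layer, fields)
            layers_out[layer_name] = fields
        records.append({
            "pcap_file": pcap_file,
            "number": int(frame.get("frame.number", 0)),
            "sniff_time": frame.get("frame.time"),
            "layers": layers_out,
        })
    return records


if __name__ == "__main__":
    # "capture.pcap" is a placeholder name for the file tshark was run on.
    print(json.dumps(tshark_json_to_records("capture.pcap", SAMPLE_TSHARK_JSON), indent=2))
```

Two caveats when running this on real tshark output: when a packet contains the same protocol twice (an ICMP error quoting the inner IP header, for instance), tshark's JSON repeats the layer key, and `json.loads()` keeps only the last one; tshark's `--no-duplicate-keys` option turns those into arrays, which the loop above would then have to handle. The whole-layer `<layer>_raw` entries skipped here are also the place to look when a dissector leaves a field undissected, since they carry every byte of the layer.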