List:       wireshark-users
Subject:    [Wireshark-users] Leverage wireshark dissection tree in a 3rd party program
From:       Matt <mattator () gmail ! com>
Date:       2020-06-17 22:56:50
Message-ID: CADHp1NxVLw87aHdfUE0tFhSmrdEzOiMA8zNbWg=MX7tQu-pidA () mail ! gmail ! com

Hi,

I write software for multipath TCP analysis
(https://github.com/teto/mptcpanalyzer) and would like to extend it to
do live analysis (it's limited to offline for now).
I wonder what is the best way to retrieve live wireshark information
such as the `tcp.*` and `mptcp.*` analysis from the dissection tree.
Termshark seems to watch for tshark output:
https://github.com/gcla/termshark/blob/master/docs/FAQ.md#how-does-termshark-use-tshark

but I wondered if there was any other way:
- calling out functions directly from libshark
- via tsharkd? If there was a server of sorts that could send the
dissection tree via RPC, wireshark could decouple the GUI and the
engine (as it is certainly done via libshark already). I am for
instance thinking of neovim that decouples the UI from the server so
that you can create your own GUI using a vim engine.

Cheers
Matt