Wireshark mailing list archives
Re: Redirecting Wireshark output through a socket
From: Gustavo <gupa () rocketmail com>
Date: Fri, 16 Oct 2009 04:56:46 -0700 (PDT)
From: Jeff Morriss <jeff.morriss.ws () gmail com>
What exactly do you want to feed into the other tool?
Possibly XML (pdml).
In that case you should probably use 'tshark' and you could (I suppose this would work on Windows) do something like:

    tshark -V -r /some/cap/file | the_other_analyzer

though I doubt that the commercial tool will really understand this output...
I have probably not been very clear about this: the commercial tool is not written yet, so we are (almost) free to change any specification. This tool should do further analysis and statistics on the output generated (and dissected) by Wireshark. My first idea was to use tshark too (I've just tried realtime capture and export in PDML and it works perfectly), but it's not clear if the client wants to have access to the Wireshark interface (the main window). For that reason we were thinking of adding a socket in Wireshark to redirect the output (possibly in PDML) to the commercial tool, which should be listening and parsing it. The same thing should work for a capture file (*.pcap for example) opened in Wireshark.

Now I'm digging into the Wireshark code to find the best place (and way) to insert the socket part, but first I was wondering if someone already had the same problem, as it seems a common issue for using Wireshark with commercial sw.
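The receiving side of the design discussed in this message (a tool that listens on a socket and parses PDML as it arrives), sketched as an added example that is not code from the thread or from Wireshark. The names `consume_pdml` and `run_over_socketpair` and the abridged sample document are assumptions made for illustration; the parser works packet by packet so a long capture does not have to fit in memory, and it rejects a stream that is cut off mid-document.

```python
import socket
from collections import Counter
from xml.etree.ElementTree import XMLPullParser

# Constructed, heavily abridged PDML (real output carries many <field> elements).
SAMPLE_PDML = b"""<?xml version="1.0"?>
<pdml version="0" creator="constructed-sample">
<packet>
  <proto name="geninfo"><field name="num" show="1"/></proto>
  <proto name="frame"/><proto name="eth"/><proto name="ip"/><proto name="tcp"/>
</packet>
<packet>
  <proto name="geninfo"><field name="num" show="2"/></proto>
  <proto name="frame"/><proto name="eth"/><proto name="ip"/><proto name="udp"/><proto name="dns"/>
</packet>
</pdml>
"""

def consume_pdml(conn, chunk_size=64):
    """Parse PDML arriving on a connected socket, one <packet> at a time.
    Returns (packet_count, Counter of the highest-layer protocol per packet).
    Raises xml.etree.ElementTree.ParseError if the stream ends mid-document.
    """
    parser = XMLPullParser(events=("start", "end"))
    root, packets, top_layer = None, 0, Counter()
    while True:
        data = conn.recv(chunk_size)
        if not data:                      # sender closed the connection
            break
        parser.feed(data)
        for event, elem in parser.read_events():
            if event == "start" and root is None:
                root = elem               # the enclosing <pdml> element
            elif event == "end" and elem.tag == "packet":
                protos = [p.get("name") for p in elem.findall("proto")]
                packets += 1
                if protos:
                    top_layer[protos[-1]] += 1
                root.remove(elem)         # keep memory flat on long captures
    parser.close()                        # rejects a truncated document
    return packets, top_layer

def run_over_socketpair(payload):
    """Hypothetical helper: push payload through a local socket pair and parse it."""
    sender, receiver = socket.socketpair()
    with sender, receiver:
        sender.sendall(payload)
        sender.shutdown(socket.SHUT_WR)
        return consume_pdml(receiver)
```

In a deployment, `conn` would be a connection accepted on a listening socket; binding that listener to the loopback address keeps the dissected traffic, which can contain captured payloads, off the network.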