Wireshark mailing list archives

Re: standalone packet dissection


From: Guy Harris <guy () alum mit edu>
Date: Wed, 2 Jun 2010 16:29:43 -0700


On Jun 2, 2010, at 3:58 PM, Zack Elan wrote:

> Is it possible to call a packet dissector from external code? Specifically, I’d be calling into the SMB/SMB2
> dissectors from C#, though I realize I’ll almost certainly have to write some C or C++ glue code to get them talking
> to each other.

There's no infrastructure whatsoever for calling *individual* dissectors externally.

There are a couple of programs, called "Wireshark" and "TShark", that call library routines to dissect the entire packet.
However, the library is somewhat oriented towards the needs of those particular programs.

(I.e., we have a Wireshark library - that's what's in the epan directory in the Wireshark source - and Wireshark and 
TShark call routines in that library to do dissection.)

> What I’m trying to do is use the Wireshark dissectors as a reference implementation for automated testing of the SMB
> library my company is developing (we can’t re-use the Wireshark dissector directly, for both legal reasons – we’re a
> closed-source, commercial product – and technical reasons).

Calling libwireshark routines would amount to re-using them directly, for legal reasons - you cannot make a product out 
of libwireshark without your product being GPLed.

You would have to, for example, somehow run TShark "at arm's length" as a separate process, hand the packets to it 
(perhaps over a pipe), and get the dissected output, e.g. in PDML format (perhaps over another pipe).
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
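
The arm's-length arrangement described in the message above, as an added example (not code from the original post or from the Wireshark project): a test harness wraps raw frames in a pcap stream, pipes it to a separate TShark process, and compares the PDML fields with what the library under test reports. It assumes `tshark` is on the PATH and that the installed version reads a pcap stream from stdin with `-r -`; the helper names are hypothetical and the PDML sample is constructed.

```python
import struct
import subprocess
import xml.etree.ElementTree as ET

def build_pcap(frames, linktype=1):  # 1 = LINKTYPE_ETHERNET
    """Wrap raw frames in a classic little-endian pcap stream (timestamps zeroed)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def run_tshark(pcap_bytes, tshark="tshark", timeout=60):
    """Dissect in a separate TShark process: pcap in on stdin, PDML out on stdout."""
    # argv list (no shell) and a timeout, since the frames may be malformed test input
    proc = subprocess.run([tshark, "-r", "-", "-T", "pdml"], input=pcap_bytes,
                          capture_output=True, timeout=timeout, check=True)
    return proc.stdout

def proto_fields(pdml, proto_name):
    """Return one {field name: show value} dict per proto_name layer in the PDML."""
    layers = []
    for proto in ET.fromstring(pdml).iter("proto"):
        if proto.get("name") == proto_name:
            layers.append({f.get("name"): f.get("show") for f in proto.iter("field")})
    return layers

def mismatches(expected, dissected):
    """Map each differing field to (library-under-test value, TShark value)."""
    return {k: (v, dissected.get(k)) for k, v in expected.items() if dissected.get(k) != v}

# Constructed sample in the shape of TShark's PDML output (not a real capture)
SAMPLE_PDML = b"""<?xml version="1.0"?>
<pdml>
  <packet>
    <proto name="smb2">
      <field name="smb2.cmd" show="0"/>
      <field name="smb2.msg_id" show="1"/>
    </proto>
  </packet>
</pdml>"""

if __name__ == "__main__":
    # Offline demo on the constructed sample; with TShark installed, use
    # proto_fields(run_tshark(build_pcap([frame])), "smb2") instead.
    seen = proto_fields(SAMPLE_PDML, "smb2")[0]
    print(mismatches({"smb2.cmd": "0", "smb2.msg_id": "2"}, seen))
```
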

