Wireshark mailing list archives
Leverage wireshark dissection tree in a 3rd party program
From: Matt <mattator () gmail com>
Date: Thu, 18 Jun 2020 00:56:50 +0200
Hi,

I write software for multipath TCP analysis (https://github.com/teto/mptcpanalyzer) and would like to extend it to do live analysis (it's limited to offline for now). I wonder what is the best way to retrieve live wireshark information such as the `tcp.*` and `mptcp.*` analysis from the dissection tree.

Termshark seems to watch for tshark output: https://github.com/gcla/termshark/blob/master/docs/FAQ.md#how-does-termshark-use-tshark but I wondered if there was any other way:

- calling out functions directly from libshark
- via tsharkd?

If there was a server of sorts that could send the dissection tree via RPC, wireshark could decouple the GUI and the engine (as it is certainly done via libshark already). I am, for instance, thinking of neovim, which decouples the UI from the server so that you can create your own GUI using a vim engine.

Cheers
Matt
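The tshark-output approach mentioned in the message, sketched as an added example that is not part of the original post or of any project named in it: tshark is run with line-buffered `-T fields` output and each line is parsed into a record. The choice of fields, the `|` separator, the helper names and the sample lines are assumptions of this example; an FT_NONE field such as `tcp.analysis.retransmission` is treated as present whenever its column is non-empty.

```python
import subprocess
from collections import Counter

# Real Wireshark field names; which ones a tool needs is an assumption here.
FIELDS = ["frame.number", "tcp.stream", "mptcp.stream", "tcp.analysis.retransmission"]
SEP = "|"

def tshark_command(interface):
    """Build a tshark command that prints one flushed line per TCP packet."""
    cmd = ["tshark", "-l", "-n", "-i", interface, "-Y", "tcp",
           "-T", "fields", "-E", f"separator={SEP}"]
    for name in FIELDS:
        cmd += ["-e", name]
    return cmd

def parse_line(line):
    """Turn one output line into a dict; empty columns become None."""
    values = line.rstrip("\n").split(SEP)
    if len(values) != len(FIELDS):
        return None  # truncated or unexpected line: skip rather than guess
    return {k: (v if v != "" else None) for k, v in zip(FIELDS, values)}

def count_retransmissions(lines):
    """Count packets flagged as retransmissions, keyed by tcp.stream."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["tcp.stream"] and rec["tcp.analysis.retransmission"]:
            counts[rec["tcp.stream"]] += 1
    return counts

def live(interface):
    """Yield parsed records from a running tshark (needs capture privileges)."""
    with subprocess.Popen(tshark_command(interface),
                          stdout=subprocess.PIPE, text=True) as proc:
        for line in proc.stdout:
            rec = parse_line(line)
            if rec:
                yield rec

# Constructed sample output, not a real capture.
SAMPLE = ["1|0|0|", "2|0|0|1", "3|1||", "4|1||1", "5|0|0|1", "garbage"]

if __name__ == "__main__":
    print(dict(count_retransmissions(SAMPLE)))
```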