Re: Redirecting Wireshark output through a socket

[Jeff Morriss <jeff.morriss.ws () gmail com>]

Gustavo wrote:
> Hello everybody.
>
> I was asked to study a way for communicating between Wireshark and a
> commercial tool in Windows. Wireshark should analyze network traffic,
> dissect it and pass (part of) it to the commercial tool for further
> analysis and statistics.

What exactly do you want to feed into the other tool?  The ASCII decode 
like:

> Ethernet II, Src: 00:14:4f:94:bb:0d (00:14:4f:94:bb:0d), Dst: 00:0e:0c:b5:22:3b (00:0e:0c:b5:22:3b)
>     Destination: 00:0e:0c:b5:22:3b (00:0e:0c:b5:22:3b)
>         Address: 00:0e:0c:b5:22:3b (00:0e:0c:b5:22:3b)
>         .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>         .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
>     Source: 00:14:4f:94:bb:0d (00:14:4f:94:bb:0d)
>         Address: 00:14:4f:94:bb:0d (00:14:4f:94:bb:0d)
>         .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>         .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
>     Type: IP (0x0800)

?

In that case you should probably use 'tshark' and you could (I suppose 
this would work on Windows) do something like:

tshark -V -r /some/cap/file | the_other_analyzer

though I doubt that the commercial tool will really understand this 
output...
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe