Wireshark mailing list archives

Re: libtshark + scripting language support


From: Eloy Paris <peloy () chapus net>
Date: Wed, 18 Aug 2010 14:22:22 -0400

Hi Mark,

On 08/18/2010 01:34 PM, Mark Landriscina wrote:

> [...]
> 
> My motivation was that I wanted to do some work with Scapy and needed
> to access application layer protocol dissections within Python
> without re-writing all the dissection code already available in
> tshark/wireshark.

I am not a Python guy but my understanding is that there is Python
support in Wireshark trunk (perhaps in 1.4.x). Did you look into that
and determine that it wasn't good enough for what you need? Just curious.

> a. Modified tshark code base and compiled it as a library,
> libtshark.a. This is the original tshark executable, more or less,
> with some notable additions. In particular, after packet dissection,
> the epan dissection tree data is copied off into another tree
> structure that I've defined. This t_dissect_node tree is then
> serialized and written out over a named-pipe. The name of the
> named-pipe is defined by the user at run-time. The code to
> unserialize the t_dissect_node tree is also part of libtshark.a.
> Also, I have incorporated some additional helper code that makes tree
> navigation easier. A function named 'run' is called to start tshark
> and accepts as parameters tshark command line args.

Any reason you chose to integrate tshark instead of libwireshark, which 
is what does all the dissection work, as Guy mentioned? I would guess 
that it is because it is easier to execute tshark than to fully 
integrate libwireshark, but then I don't understand why you need to make 
tshark a library instead of just executing it from within Python.

I actually had a similar need and my approach was to interface with 
libwireshark. You can check out my work at http://netexpect.org.

Cheers,

Eloy Paris.-
netexpect.org
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
