Re: Wireshark GUI filter control from external applications.

[Lee Brooks <lee.brooks.inbox () gmail com>]

Hi,

Thank you for replying.

Sure, firstly for other bespoke network analysis tools that aim to use
Wireshark to analyse low level network data (but where the main focus of
the tool isn't aimed at that level of detail). In comparison to it's
alternatives Wireshark is feature-rich, very customisable and also stable
which makes it desirable to hook into from other applications. This type of
tool ranges from in-house testing tools to other open-source applications.

For my self personally, a colleague and I are hoping to release a
light-weight open source tool that provides a top-down view on network
data. It has already been written, tested and used in anger by others at
the company where we work. It analyses pcap data then provides statistics
on a list of IP conversations between hosts, allowing you to drill down
into details about the TCP Connections for each conversation. Then from TCP
Connections it can drill down into the individual packet data where it
currently hooks into a prototype-dev version of Wireshark (by changing the
filters on the GUI). It also provides the ability to script your own data
classifications to help identify specific network conditions quickly. Our
aim is to release it to the open source community within the next few
weeks/months.

In my opinion I would rather connect to a Wireshark remote control API than
use a bespoke version or re-create the wheel.

I think a "GUI remote control" would only need to support "Change GUI
Filter" and "Remove GUI Filter" although it has a lot more potential too. I
have implemented these controls in our prototype-dev version or Wireshark
and the source code supports it fairly well.

Any help you can offer would be appreciated.

Thanks,

Lee



On 9 February 2013 21:18, Kurt Knochner <ws.dev.list () nospam knochner com>wrote:

> On 2013-02-08 16:44, Lee Brooks wrote:
>
> > _Just to clarify when I say "update the packet filters" I mean to
> >
> > change the filters of a .pcap file that has already been
> > opened/displayed._
>
> changing the display filter while Wireshark is running, sounds like
> remote control of the GUI. Can you describe a common use case for
> this "extension"?
>
> Regards
> Kurt
> ______________________________**______________________________**
> _______________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/**lists/wireshark-dev<http://www.wireshark.org/lists/wireshark-dev>
> Unsubscribe: 
> https://wireshark.org/mailman/**options/wireshark-dev<https://wireshark.org/mailman/options/wireshark-dev>
>             mailto:wireshark-dev-request@**wireshark.org<wireshark-dev-request () wireshark org>
> ?subject=**unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe