Wireshark mailing list archives

Leverage wireshark dissection tree in a 3rd party program


From: Matt <mattator () gmail com>
Date: Thu, 18 Jun 2020 00:56:50 +0200

Hi,

I write software for multipath TCP analysis
(https://github.com/teto/mptcpanalyzer) and would like to extend it to
do live analysis (it's limited to offline for now).
I wonder what the best way is to retrieve live Wireshark information
such as the `tcp.*` and `mptcp.*` analysis from the dissection tree.
Termshark seems to watch for tshark output:
https://github.com/gcla/termshark/blob/master/docs/FAQ.md#how-does-termshark-use-tshark

but I wondered if there was any other way:
- calling out functions directly from libshark
- via tsharkd? If there was a server of sorts that could send the
dissection tree via RPC, Wireshark could decouple the GUI and the
engine (as it is certainly done via libshark already). I am for
instance thinking of neovim, which decouples the UI from the server so
that you can create your own GUI using a vim engine.

Cheers
Matt
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users