Wireshark · Ethereal-dev: [ethereal-dev] Interprocess API for Ethereal

Ethereal-dev: [ethereal-dev] Interprocess API for Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Visser, Martin (SNO)" <Martin.Visser@xxxxxxxxxx>

Date: Mon, 17 Jan 2000 14:41:51 +0800

Hi,

I've been playing with Ethereal for a few months now and find it an
excellent competitor to MS Network Monitor and Sniffer when it comes to
decoding. I've heard that there might be some graphing capability coming,
but I'd thought I would start rolling my own.

I'm a big fan of Tcl/Tk, and find it is an excellent tool to quickly put
together an app. One particular part I love is the "canvas" widget which
provides an excellent object model for visualisation. I have started
building a sort of radar screen that displays nodes and the traffic between
them. (If you have seen Net Visualiser or NetXray you probably know what I
mean). I also have a few other ideas for visualising traffic in my head.

I have prototyped this by using "tcpdump" output and then parsing for input
to my program. However what I really want to do is to link directly into
ethereal. I have hacked into ethereal already and found the bits where I can
dump out the src and dst address and so forth.

My question is, what do you think would be the best way to pass this to my
Tcl/Tk program? I think that it would be great to have a generic method of
"plugging" an external app into Ethereal to some real-time post processing.
I really think that it would be good to allow the external program to be
decoupled. (Other possible uses would be for ethereal to write data to a
database that could be accessed via a web page).

Some thoughts on how this interface might be implemented are 

1. Create a standard named pipe (/tmp/ethereal.out) that an external app can
read from. Alternatively use a UNIX or UDP socket to send data to.
2. We need a standard way of representing the parsed packets, maybe XML or
CSV
3. Allow the external program to tell ethereal what fields of the decoded
packets it is interested in. Also allow the external program to pass a
capture/display filter.

What are your thoughts? (Anything that I do will be GPLed when I get
something working so don't worry about me Compaq stealing your IP) 


Martin Visser
Technology Consultant - Compaq Services

Compaq Computer Australia
410 Concord Road
Rhodes, Sydney NSW 2138
Australia

Phone: +61-2-9022-5630
Mobile: +61-411-254-513
Fax:+61-2-9022-7001
Email:martin.visser@xxxxxxxxxx

Prev by Date: Re: [ethereal-dev] Re: [ethereal-users] A problem when I use it.
Next by Date: [ethereal-dev] makefile.nmake for gtk
Previous by thread: [ethereal-dev] Temperatures at LinuxWorldExpo
Next by thread: [ethereal-dev] makefile.nmake for gtk
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$