Wireshark-dev: Re: [Wireshark-dev] Wireshark and Matlab
From: Peter Fuller <randomcodemonky@xxxxxxxxxxxxxx>
Date: Fri, 14 Mar 2008 00:52:41 +0000

Armen,

I might be interested in such a tool. Also, by 'bootstrapping portion' do you mean the one-time epan structure initialization/destruction calls as well as the proper init/malloc/free per-packet calls?

rkm

On Mar 12, 2008, at 5:28 PM, Armen Babikyan wrote:

Hello,

A few months ago, I wrote a tool that lets me use Wireshark's packet
dissection capabilities in Matlab, to numerically analyze packets. For
example:

b = tshark_read('ws1.pcap', {'frame.number', 'ip.version',
'tcp.seq', 'udp.dstport', 'frame.pkt_len'}, 'ip.version eq 4')

b =

1x14630 struct array with fields:
      frame_number
      ip_version
      tcp_seq
      udp_dstport
      frame_pkt_len

b(3)

ans =

       frame_number: 6
         ip_version: 4
            tcp_seq: []
        udp_dstport: 9618
      frame_pkt_len: 1042
With this array of structs, a Matlab programmer could trivially plot
packet fields with respect to time, or whatever.

My code, however, makes use of (among other things) the general
bootstrapping portion of libwireshark's API, and I've run into
compatibility issues between successive versions of Wireshark that have
similar, but not identical, bootstrapping APIs.  Does the Wireshark
project intend to standardize this part of the libwireshark soon?

If the Wireshark project is not intending to standardize libwireshark's API
anytime soon, would the developers consider creating #defines for major, minor, and minorminor numbers for the current version of Wireshark, so I can create preprocessor directives based on these to account for further changes to the libwireshark API? For example, I'd like something like this:

#define VERSION "0.99.5" // already exists
#define VERSION_MAJOR 0
#define VERSION_MINOR 99
#define VERSION_MINORMINOR 5

Lastly, is the general public interested in this tool?

Let me know your thoughts.  Thanks!

Armen

--
Armen Babikyan
MIT Lincoln Laboratory
armenb@xxxxxxxxxx . 781-981-1796
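Added example (not code from this thread or from the Wireshark project) of the version gating Armen describes: a compile-time `WS_VERSION_AT_LEAST` macro built from the three numeric `#define`s he proposes, plus a runtime parser for the `VERSION` string so a loader can refuse to call into a libwireshark build whose API it was not compiled against. The macro name, the `struct ws_version` type, the `parse_version`/`version_at_least` helpers and the defaults that fall back to the page's "0.99.5" are all assumptions; the only thing taken from the thread is the `VERSION` / `VERSION_MAJOR` / `VERSION_MINOR` / `VERSION_MINORMINOR` naming.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed: the library's config.h already provides VERSION as a string
 * (the thread's "0.99.5"); the numeric components are the macros Armen
 * proposes, defaulted here so the file compiles stand-alone. */
#ifndef VERSION
#define VERSION "0.99.5"
#endif
#ifndef VERSION_MAJOR
#define VERSION_MAJOR 0
#endif
#ifndef VERSION_MINOR
#define VERSION_MINOR 99
#endif
#ifndef VERSION_MINORMINOR
#define VERSION_MINORMINOR 5
#endif

/* Compile-time gate: evaluates to 1 when the library headers we are
 * building against are at least maj.min.mic, 0 otherwise. Hypothetical name. */
#define WS_VERSION_AT_LEAST(maj, min, mic) \
    ((VERSION_MAJOR > (maj)) || \
     (VERSION_MAJOR == (maj) && VERSION_MINOR > (min)) || \
     (VERSION_MAJOR == (maj) && VERSION_MINOR == (min) && VERSION_MINORMINOR >= (mic)))

struct ws_version { int major, minor, micro; };

/* Parse "major.minor.micro[suffix]" strictly: every component must start with a
 * digit (no leading space or sign), exactly three components are required, and a
 * trailing suffix such as "-SVN-12345" or "rc1" is tolerated but ignored.
 * Returns 0 on success, -1 on malformed input (fail closed). */
int parse_version(const char *s, struct ws_version *v)
{
    int comp[3];
    const char *p = s;
    if (!s || !v) return -1;
    for (int i = 0; i < 3; i++) {
        char *end;
        long val;
        if (!isdigit((unsigned char)*p)) return -1;
        val = strtol(p, &end, 10);
        if (val < 0 || val > 9999) return -1;
        comp[i] = (int)val;
        p = end;
        if (i < 2) {
            if (*p != '.') return -1;
            p++;
        }
    }
    if (*p != '\0' && *p != '-' && !isalpha((unsigned char)*p)) return -1;
    v->major = comp[0];
    v->minor = comp[1];
    v->micro = comp[2];
    return 0;
}

/* Runtime check against the version string a loaded library reports.
 * Returns 1 if have >= maj.min.mic, 0 if it is older, -1 if unparseable. */
int version_at_least(const char *have, int maj, int min, int mic)
{
    struct ws_version v;
    if (parse_version(have, &v) != 0) return -1;
    if (v.major != maj) return v.major > maj;
    if (v.minor != min) return v.minor > min;
    return v.micro >= mic;
}

int main(void)
{
    /* Constructed sample: the string a mismatched runtime library might report. */
    const char *runtime = "1.0.0-SVN-12345";
    printf("built against %s, compile-time gate for 0.99.5: %d\n",
           VERSION, WS_VERSION_AT_LEAST(0, 99, 5));
    printf("runtime %s at least 0.99.5: %d\n",
           runtime, version_at_least(runtime, 0, 99, 5));
    return 0;
}
```

The compile-time macro selects which libwireshark bootstrapping calls are compiled in; the runtime parser guards the case Armen is actually hitting, where a build made against one version's headers is later loaded beside a different version's shared library. Treating an unparseable string as a failed check rather than a pass keeps the MEX loader from calling a bootstrapping API it cannot vouch for.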

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev