Wireshark-dev: Re: [Wireshark-dev] Bzip2 support
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 26 Jun 2019 10:41:52 -0700
On Jun 26, 2019, at 2:08 AM, Ismael Mendez <ismael@xxxxxxx> wrote:

> Does Wireshark actually provide any way to decompress bzip2 streams?

No - neither in the sense of "decompressing bzip2'ed capture files on the fly the way we do with gzipped capture files" or in the sense of "decompressing bzip2'ed data streams in network traffic".

> In case it doesn't, what about including a library to do it like bzip2 (https://sourceware.org/bzip2/ BSD License) or any other if available? Could this be suitable? 

It could probably be done (note that for decompressing capture files that would require the ability to do random access I/O, so that, once you've read the file up to some point sequentially, a separate descriptor can be used to randomly seek-and-read any packet in the part that's been read - and do so efficiently, rather than implement "seek backwards" as "seek back to the beginning of the file and skip forwards").