Wireshark-users: [Wireshark-users] Leverage wireshark dissection tree in a 3rd party program
From: Matt <mattator@xxxxxxxxx>
Date: Thu, 18 Jun 2020 00:56:50 +0200
Hi,

I write software for multipath TCP analysis
(https://github.com/teto/mptcpanalyzer) and would like to extend it to
do live analysis (it's limited to offline for now).
I wonder what is the best way to retrieve live Wireshark information
such as the `tcp.*` and `mptcp.*` analysis from the dissection tree.
Termshark seems to watch for tshark output:
https://github.com/gcla/termshark/blob/master/docs/FAQ.md#how-does-termshark-use-tshark

but I wondered if there was any other way:
- calling out functions directly from libshark
- via tsharkd? If there were a server of sorts that could send the
dissection tree via RPC, Wireshark could decouple the GUI and the
engine (as it is certainly done via libshark already). I am for
instance thinking of neovim that decouples the UI from the server so
that you can create your own GUI using a vim engine.

Cheers
Matt