Wireshark · Wireshark-dev: [Wireshark-dev] Getting TCP stream content

Wireshark-dev: [Wireshark-dev] Getting TCP stream content

From: "Nick Chorley" <nick.chorley@xxxxxxxxx>

Date: Fri, 24 Aug 2007 14:46:36 +0100

Hi,

I'm wondering how hard it is to implement Wireshark's "Follow TCP Stream" feature. Basically, I need to do this myself because 1. I have large data files that Wireshark can't handle and 2. I need to do this automatically, because there are a large number of streams in the data. What I would like to be able to do in my program is get the contents of each individual stream and then do some processing on the readable ASCII in the stream. Wireshark does *exactly* what I want in that it gives me the stream content in ASCII, but the only downsides are those mentioned above. I have found a library that performs TCP stream reassembly (libnids) and have used it but it appears to interleave streams :/.

Any suggestions would be great!

Regards,

Nicky Chorley

Prev by Date: Re: [Wireshark-dev] oid_* functions missing
Next by Date: Re: [Wireshark-dev] oid_* functions missing
Previous by thread: Re: [Wireshark-dev] oid_* functions missing
Next by thread: [Wireshark-dev] Adding Capture Engine question
Index(es):
- Date
- Thread