Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-dev: Re: [Wireshark-dev] Get Captured Data

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: Rene.Baumann@xxxxxxxxxxxxxx
Date: Fri, 07 Dec 2007 12:36:45 +0100

Hi Martin,

I want to write a programm that handles the captured and decoded data.
This programm shall send the data to another pc.

The other pc is also responsible for giving my program the instructionto filter or even to start the capturing of wireshark.


But I have already found a solution for my problem.
I will use the console based tshark for it.
It will give me the data I need over the stdout or a pdml/psml/etc. file
so I can send it back over the network.

By the way the pc which will run my program can be a linux or awindows system.

Although I have to handle both OSs.
The pipe cannot be used under Windows, but I know how to bypass it.

Thanks for your help.

Regards,
Rene

Hi Rene,

I'm not getting what you want to achieve in the end. What is your tool
supposed to do with the captured and *dissected* packages? Are you
just interested in specific fields of protocols which can already be
dissected by Wireshark?

What OS are you running? On Linux/Unix - could something like (e.g.)

bash$ ssh root@myhost tshark -T fields -e ip.src -e ip.dst | ./mytool

suit your needs? This traces remotely on "myhost", extracts the source
and destination IPs and pipes the text output to the locally started
application "mytool".

Regards,
Martin

Prev by Date: Re: [Wireshark-dev] error with packet.h
Next by Date: Re: [Wireshark-dev] error with packet.h
Previous by thread: Re: [Wireshark-dev] Get Captured Data
Next by thread: Re: [Wireshark-dev] Get Captured Data
Index(es):
- Date
- Thread