Wireshark-dev: [Wireshark-dev] Programming against WireShark pcap processing engine

From: Per Steffensen <steff@xxxxxxxxxxxxx>
Date: Mon, 07 Mar 2011 14:27:38 +0100
Hi

I am writing a Java program that has to process a lot of pcap files to extract certain data - in phase one I have to extract MMS's from those pcaps. If I put some of my example pcap files into WireShark it shows me that there is an MMS and I am able to extract the different parts of the MMS (smil, images, etc.) by using the WireShark GUI.

Basically I want to programmatically extract those different parts of the MMS from my Java program. I imagine using the pcap processing (guess you call it dissection) part of WireShark from my Java program.

What is the best approach I can take?
I don't want to show the WireShark GUI. Guess I could call tshark from my Java program? But does tshark enable me to extract embedded data like e.g. a JPG image?
Are there better approaches?
I have read a little about libwireshark. Is that the way to go? How to get started on using libwireshark? Documentation? I have also seen some tools on the Wiki (http://wiki.wireshark.org/Tools). Are there good starting points among them?

Hope for some good feedback. Also hope to eventually be able to give something back to the WireShark project.

Regards, Steff