Wireshark-dev: Re: [Wireshark-dev] Programming against WireShark pcap processing engine

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Tue, 08 Mar 2011 11:13:21 -0500
Per Steffensen wrote:
> Hi
>
> I am writing a Java program that has to process a lot of pcap files to extract certain data - in phase one I have to extract MMS's from those pcaps. If I put some of my example pcap files into WireShark it shows me that there is an MMS and I am able to extract the different parts of the MMS (smil, images, etc) by using the WireShark GUI.
>
> Basically I want to programmatically extract those different parts of the MMS from my Java program. I imagine using the pcap processing (guess you call it dissection) part of WireShark from my Java program.
>
> What is the best approach I can take?
> I don't want to show the WireShark GUI. Guess I could call tshark from my Java program? But does tshark enable me to extract embedded data like e.g. a JPG image?

I don't think you can do that from tshark.

> Are there better approaches?
> I have read a little about libwireshark. Is that the way to go? How to get started on using libwireshark? Documentation?

libwireshark exists but it is designed to only be used by Wireshark and its tools. As such, there really isn't any documentation about how to use it in other tools.

That being said, there has been traffic on this list from people who have used libwireshark directly--with some success IIRC.

> I have also seen some tools on Wiki (http://wiki.wireshark.org/Tools). Are there good starting points among them?
>
> Hope for some good feedback. Also hope to eventually be able to give something back to the WireShark project.

Maybe it could be done in one of the scripting environments Wireshark supports (Lua and Python)?