Wireshark-dev: [Wireshark-dev] Is there an API to decode a memory buffer containing the content

From: "A. Sinan Unur" <sinan@xxxxxxxx>
Date: Mon, 6 Jun 2011 11:25:15 -0400
Hello all:

I maintain the Net::Sharktools package for Perl which was a straight
conversion using Armen Babikyan's pyshark (see
<http://seclists.org/wireshark/2010/Nov/62>). The API is simple: There
is a single function, perlshark_read, which takes the name of a
capture file and some options, and then uses Wireshark functions to
process the file offline.

I am wondering if there is a way to add the option of passing a buffer
containing a captured packet (or packets) and have it be decoded by
some Wireshark library routine.

I am not familiar with the internals of Wireshark at all. I have been
digging through the sources for a while and reading the READMEs, but I
am thoroughly lost and would appreciate a pointer if there is a way to
start with the contents of a packet (or packets) in a memory buffer
and have that decoded by Wireshark with no external files
involved.

My searches of the mailing list archives did not turn up anything
useful probably due to me not using the right terms.

Thank you.

-- Sinan

-- 
A. Sinan Unur
http://www.unur.com/sinan/