We have tools for analyzing and displaying logs and these logs may refer
to captured
packets (the log may actually contain the packets but we do not intend
to write 10000
dissectors for our log analyzer when Wireshark already does this). We
indent to save
those captured packets to a file in the pcap format and then launch
Wireshark for
analyzing and viewing the packets.
I wonder if there is any programmatic interface for controlling
Wireshark so that it
can load different capture files and jump to specific packets (perhaps
identified by
time stamp) in the capture as commanded by another program. Maybe
Wireshark could listen
to a TCP port to which you can connect and send commands. Or maybe some
more standardized
IPC mechanism.
I scanned through the User's Guide but could not find anything similar
to what we want
to do.
Thanks,
Ola Liljedahl
