Wireshark-dev: Re: [Wireshark-dev] Wireshark APIs for display

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 9 Mar 2007 17:03:21 -0800

On Mar 9, 2007, at 1:51 PM, MKS {} wrote:

I have a protocol decode library for a protocol I have written in C. This parses the packet stream and decodes packets.

I wanted to use the UI and packet capture capabilities of Wireshark to capture packets and display the messages. I wasn't interested in the Wireshark APIs for parsing the data. Has anyone done this before?

Probably not, given that libwireshark is designed to, well, support Wireshark, which is a network analyzer, and, well, decodes packets.

I would *VERY STRONGLY* suggest that if you want to use Wireshark to parse your protocol, you write a Wireshark-style protocol decoder for it, rather than trying to stuff into Wireshark a protocol decode library whose decoders don't work the way Wireshark decoders do.

I.e., the code to display decoded packets in Wireshark assumes a Wireshark protocol tree was built, so all protocol decoders for Wireshark have to build a protocol tree.