Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Reusing Wireshark Code

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 19 Mar 2007 15:03:49 -0700

On Mar 18, 2007, at 2:37 PM, Andreas Bakurov wrote:

I'm writing a program that should parse TCP/IP packets, currently I'm
using libpcap for this purpose which doesn't help much (I should cast
each packet to the header structure).
Is there a way to reuse wireshark code ?

That depends on what you mean by "parse".

The core dissection code for Wireshark is, on most systems, installed as a shared library (.so, .dylib, DLL, etc.), and, if properly used, can take packet data and turn it into a "protocol tree", which corresponds to the packet detail pane you see in Wireshark. That's the sort of parsing you could do with the Wireshark code.

is there documented API available?

No. Currently, the API isn't documented, and also isn't stable, so you can't rely on it remaining unchanged from Wireshark release to Wireshark release. (You can probably count on it *changing* at some point. Eventually, we'd like to have a stable API, but that requires that it be an API that's not going to leave us having painted ourselves into a corner.)