Wireshark-dev: Re: [Wireshark-dev] Get Captured Data

Date: Fri, 07 Dec 2007 12:36:45 +0100
Hi Martin,

I want to write a program that handles the captured and decoded data.
This program shall send the data to another PC.
The other PC is also responsible for giving my program the instruction to filter or even to start the capturing of Wireshark.

But I have already found a solution for my problem.
I will use the console based tshark for it.
It will give me the data I need over the stdout or a pdml/psml/etc. file
so I can send it back over the network.

By the way, the PC which will run my program can be a Linux or a Windows system.
Although I have to handle both OSs.
The pipe cannot be used under Windows, but I know how to bypass it.

Thanks for your help.

Regards,
Rene



Hi Rene,

I'm not getting what you want to achieve in the end. What is your tool
supposed to do with the captured and *dissected* packages? Are you
just interested in specific fields of protocols which can already be
dissected by Wireshark?

What OS are you running? On Linux/Unix - could something like (e.g.)

bash$ ssh root@myhost tshark -T fields -e ip.src -e ip.dst | ./mytool

suit your needs? This traces remotely on "myhost", extracts the source
and destination IPs and pipes the text output to the locally started
application "mytool".

Regards,
Martin
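
Added example, not part of either message and not Wireshark project code: a portable way to do what the thread describes, starting tshark with `-T fields`, reading its stdout on Linux or Windows, and accepting the filter and field list from another machine without ever building a shell string. The names `build_argv`, `parse_line`, `capture` and the field-name allow-list are assumptions made for this sketch; the sample lines in the test are constructed.

```python
import re
import subprocess

# ip.src / ip.dst are the fields used in the thread's tshark command.
FIELDS = ["ip.src", "ip.dst"]
# Assumed policy: field names sent by the controlling PC must match this pattern.
FIELD_RE = re.compile(r"^[a-z0-9_]+(\.[a-z0-9_]+)*$")


def build_argv(interface, fields, capture_filter=None, count=None):
    """Build the tshark argument list. Passing a list (no shell) means a
    remotely supplied filter stays one argv element and cannot add commands."""
    for name in fields:
        if not FIELD_RE.match(name):
            raise ValueError(f"rejected field name: {name!r}")
    argv = ["tshark", "-l", "-i", interface, "-T", "fields"]
    for name in fields:
        argv += ["-e", name]
    if count is not None:
        argv += ["-c", str(int(count))]      # int() rejects non-numeric input
    if capture_filter:
        argv += ["-f", capture_filter]       # value of -f, never interpreted by a shell
    return argv


def parse_line(line, fields):
    """Parse one tab-separated output line into a dict, or None if malformed.
    Packets lacking a field (e.g. ARP has no ip.src) give empty columns -> None."""
    cols = line.rstrip("\r\n").split("\t")
    if len(cols) != len(fields):
        return None
    return {name: (col or None) for name, col in zip(fields, cols)}


def capture(interface, fields, **kwargs):
    """Yield parsed records from a live tshark process (tshark must be on PATH)."""
    proc = subprocess.Popen(build_argv(interface, fields, **kwargs),
                            stdout=subprocess.PIPE, text=True)
    try:
        for line in proc.stdout:
            record = parse_line(line, fields)
            if record is not None:
                yield record
    finally:
        proc.terminate()
        proc.wait()
```

Each record yielded by `capture()` can then be serialized and sent back to the controlling PC; `-l` makes tshark flush after every packet so records arrive as they are captured.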