Wireshark-dev: Re: [Wireshark-dev] Using wireshark apis
From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Thu, 3 Apr 2008 19:57:02 +0200
Merge, don't fork!

Unless unfeasible, the drive should be to add functionality to the existing apps instead of writing new ones.

libwireshark was made into a lib to hold what wireshark and tshark had to have in common, not to become a dissection library for other apps. I do not think there has never been an intention to share libwireshark, and that's why there's no documentation on how to use it.

BTW it is GPLd not LGPLd, i.e.: programs that link to it must be GPLd.

L

On Thu, Apr 3, 2008 at 6:14 PM, Eloy Paris <peloy@xxxxxxxxxx> wrote:
> Hi Pavan,
>
> On Thu, Apr 03, 2008 at 12:23:04PM +0530, Gupta, Pavan wrote:
>
> > I would like to use Wireshark library apis to dissect packets.
> >
> > - Call a function in Wireshark providing the filename or buffer as
> > input. File/buffer will have data in pcap format. This function should
> > return me dissected data.
> >
> > Is there any function that can be called directly?
>
> It's not as simple as that - you need to call several functions to
> initialize the library, to load preferences (which are used by the
> dissectors), to create the key epan_dissect_t structure, to dissect the
> packet, to manage the dissection results, etc. It's not hard but the
> point is that it is not as easy as "dissect(data, data_len)".
>
> > I am trying to reverse engineer Wireshark (rather tshark) code but
> > it's taking time to understand the finer details. Also, please share
> > the way how I can build my application that links to Wireshark
> > .so libraries. Looking at tshark code, it seems load_cap_file( )
> > function is the function that needs to be called, but before that
> > some initialization needs to be done (like initializing dissector,
> > etc.). The libraries that I need to link are libwiretap.so and
> > libwireshark.so.
>
> It happens that I also have been working on an application that uses
> libwireshark services for packet dissection. I looked a lot at tshark
> to understand how the libwireshark API is being invoked and ended up
> writing a very simple program that allows me to easily play with things
> without having to deal with the higher complexity of tshark and with the
> wireshark build environment, and that allows me to play with things like
> Makefiles and the autoconf script, etc. My test program doesn't have
> the bells and whistles that tshark has and uses libpcap to read packets
> instead of libwirecap.
>
> You can download the source code from:
>
> http://www.chapus.net/wshark-test/
>
> You may have better luck trying to understand this program instead
> of tshark/wireshark.
>
> I was thinking about using this little program as the basis of new
> documentation on how to write applications that use libwireshark
> services. Perhaps write a README.libwireshark for the doc/ directory and
> host the source code for this program somewhere on the Wireshark wiki.
>
> Comments from the developers regarding the merits of these ideas are
> appreciated.
>
> Cheers,
>
> Eloy Paris.-
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan