Wireshark · Wireshark-dev: Re: [Wireshark-dev] Adding a new data source

Wireshark-dev: Re: [Wireshark-dev] Adding a new data source

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Sat, 3 Dec 2011 10:02:49 -0800

On Dec 3, 2011, at 9:40 AM, Akos Vandra wrote:

> So in order to support a new data source only libpcap should be
> modified?

Ideally, yes.

> I have no experience with it, so I'm not sure how wireshark
> and libpcap are interfaced... Does libpcap offer a list of available
> capture source for wireshark,

Yes - that's pcap_findalldevs().

> so it can use a new capture source
> without any modification to wireshark?

Yes.

> In this case the libpcap developers would be more able to help me get started...

Yes.  Join tcpdump-workers@xxxxxxxxxxx:

	http://www.tcpdump.org/#mailing-lists

(it's a fairly low-volume list) and ask about it there.  Give details of your new packet source, including the OSes on which it should be supported and the link-layer header type (if it's not one of the ones described at

	http://www.tcpdump.org/linktypes.html

you'll need a new link-layer header type value no matter *how* it's to be supported in Wireshark).

Follow-Ups:
- Re: [Wireshark-dev] Adding a new data source
  - From: Akos Vandra

References:
- [Wireshark-dev] Adding a new data source
  - From: Akos Vandra
- Re: [Wireshark-dev] Adding a new data source
  - From: Guy Harris
- Re: [Wireshark-dev] Adding a new data source
  - From: Akos Vandra

Prev by Date: Re: [Wireshark-dev] Adding a new data source
Next by Date: Re: [Wireshark-dev] Adding a new data source
Previous by thread: Re: [Wireshark-dev] Adding a new data source
Next by thread: Re: [Wireshark-dev] Adding a new data source
Index(es):
- Date
- Thread