Hi folks,
Following on from my 'experiments' with piping pcap-ng captures into
Wireshark, I realized that that is not what I wanted to do.
There are cases where one has a packet capture application that would
like to pump (or pimp) packet captures into Wireshark.
The attached patch allows:
1. A custom dumpcap program to be specified, and
2. For the custom dumpcap program to push pcap or pcap-ng captures at
Wireshark at its discretion, with each new capture causing Wireshark
to dissect the new capture and display it without exiting and starting
up again.
Of course the changes have some warts that one would want to get rid
of, but it represents an interesting approach to driving Wireshark, it
seems to me.
My current custom dumpcap progam is a Python program that puts up a
list of .cap files in the directory passed in and allows you to pump
them into Wireshark one by one ...
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
Attachment:
wireshark-custom-dumpcap.patch
Description: Binary data
