|Main Archive Page > Month Archives > wireshark-dev archives|
On 08/18/2010 01:34 PM, Mark Landriscina wrote:
> My motivation was that I wanted to do some work with Scapy and needed
> to access application layer protocol dissections within Python
> without re-writing all the dissection code already available in
I am not a Python guy but my understanding is that there is Python
support in Wireshark trunk (perhaps in 1.4.x). Did you look into that
and determined that it wasn't good enough for what you need? Just curious.
> a. Modified tshark code base and compiled it as a library,
> libtshark.a. This is the original tshark executable, more or less,
> with some notable additions. In particular, after packet dissection,
> the epan dissection tree data is copied off into another tree
> structure that I've defined. This t_dissect_node tree is then
> serialized and written out over a named-pipe. The name of the
> named-pipe is defined by the user at run-time. The code to
> unserialize the t_dissect_node tree is also part of libtshark.a.
> Also, I have incorporated some additional helper code that makes tree
> navigation easier. A function named 'run' is called to start tshark
> and accepts as parameters tshark command line args.
Any reason you chose to integrate tshark instead of libwireshark, which
is what does all the dissection work, as Guy mentioned? I would guess
that it is because it is easier to execute tshark than to fully
integrate libwireshark, but then I don't understand why you need to make
tshark a library instead of just executing it from within Python.
I actually had a similar need and my approach was to interface with
libwireshark. You can check out my work at http://netexpect.org.
Sent via: Wireshark-dev mailing list <email@example.com>