On Mar 18, 2007, at 2:37 PM, Andreas Bakurov wrote:
> I'm writing a program that should parse TCP/IP packets. Currently I'm
> using libpcap for this purpose, which doesn't help much (I should cast
> each packet to the header structure).
> Is there a way to reuse Wireshark code?

That depends on what you mean by "parse".
The core dissection code for Wireshark is, on most systems, installed
as a shared library (.so, .dylib, DLL, etc.), and, if properly used,
can take packet data and turn it into a "protocol tree", which
corresponds to the packet detail pane you see in Wireshark. That's
the sort of parsing you could do with the Wireshark code.

> Is there a documented API available?

No. Currently, the API isn't documented, and also isn't stable, so
you can't rely on it remaining unchanged from Wireshark release to
Wireshark release. (You can probably count on it *changing* at some
point. Eventually, we'd like to have a stable API, but that requires
that it be an API that's not going to leave us having painted
ourselves into a corner.)