Gustavo wrote:
Hello everybody.
I was asked to study a way for communicating between Wireshark and a
commercial tool in Windows. Wireshark should analyze network traffic,
dissect it and pass (part of) it to the commercial tool for further
analysis and statistics.
What exactly do you want to feed into the other tool? The ASCII decode
like:
    Ethernet II, Src: 00:14:4f:94:bb:0d (00:14:4f:94:bb:0d), Dst: 00:0e:0c:b5:22:3b (00:0e:0c:b5:22:3b)
    Destination: 00:0e:0c:b5:22:3b (00:0e:0c:b5:22:3b)
    Address: 00:0e:0c:b5:22:3b (00:0e:0c:b5:22:3b)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 00:14:4f:94:bb:0d (00:14:4f:94:bb:0d)
    Address: 00:14:4f:94:bb:0d (00:14:4f:94:bb:0d)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
?
In that case you should probably use 'tshark' and you could (I suppose
this would work on Windows) do something like:
    tshark -V -r /some/cap/file | the_other_analyzer
though I doubt that the commercial tool will really understand this
output...
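
Added example, not part of the original message and not Wireshark project code: a Python filter that could sit on the right-hand side of the pipe above and turn the `-V` text tree into one JSON object per packet, a form another tool is more likely to accept. It assumes four-space indentation per tree level and a blank line between packets; the sample is constructed from the decode quoted above with that indentation restored, and the function names are hypothetical.

```python
import json
import re
import sys

INDENT = 4  # assumption: each tree level in `tshark -V` output adds four spaces

# Constructed sample: the Ethernet decode quoted above, indentation restored.
SAMPLE = """\
Ethernet II, Src: 00:14:4f:94:bb:0d (00:14:4f:94:bb:0d), Dst: 00:0e:0c:b5:22:3b (00:0e:0c:b5:22:3b)
    Destination: 00:0e:0c:b5:22:3b (00:0e:0c:b5:22:3b)
        Address: 00:0e:0c:b5:22:3b (00:0e:0c:b5:22:3b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 00:14:4f:94:bb:0d (00:14:4f:94:bb:0d)
    Type: IP (0x0800)
"""

def parse_verbose(lines):
    """Flatten one packet's text tree into {"Proto/Field/Sub": value}."""
    fields, stack = {}, []
    for raw in lines:
        line = raw.rstrip("\r\n")
        text = line.lstrip(" ")
        if not text:
            continue
        depth = (len(line) - len(text)) // INDENT
        if depth == 0:
            # Protocol summary line: name ends at the first ',' or ':'.
            label, value = re.split(r"[,:]", text, maxsplit=1)[0], text
        else:
            # Bitfield lines: drop the ".... ...0 .... = " mask prefix.
            if " = " in text:
                text = text.split(" = ", 1)[1]
            label, _, value = text.partition(": ")
        del stack[depth:]          # climb back up to this line's parent
        stack.append(label)
        fields["/".join(stack)] = value
    return fields

def packets(stream):
    """Yield one flattened dict per blank-line-separated packet."""
    block = []
    for line in stream:
        if line.strip():
            block.append(line)
        elif block:
            yield parse_verbose(block)
            block = []
    if block:
        yield parse_verbose(block)

if __name__ == "__main__":
    for pkt in packets(sys.stdin):
        print(json.dumps(pkt))
```
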