Wireshark-dev: Re: [Wireshark-dev] Wireshark Code

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sat, 10 Jul 2010 15:28:27 -0700

On Jul 10, 2010, at 3:22 PM, Maverick wrote:

> I am new to Wireshark source code and looking for some advice. Is it possible to borrow Wireshark code to do application-level processing, e.g., use Wireshark VoIP or P2P code to implement in my own program to do processing on pcap captures? Can someone direct me to a guide and tutorial that do that kind of work? I would really appreciate it.

Unfortunately, it's not easy to take small bits of Wireshark code out of the program and use it, which is why no such guide exists, and, therefore, why nobody can direct you to it.

First of all, if you're planning on using the statistics, etc. part of analysis of VoIP and P2P protocols, you still need the dissectors for those protocols.  Furthermore, you would need more than the dissectors for the VoIP and P2P protocols, you need all the protocols below them - and, by the time you're done, you have something that's essentially "Wireshark with some protocol dissectors missing", which isn't that different from "Wireshark with some protocol dissectors disabled", which you can do without modifying the Wireshark code, but it wouldn't help the "big files" problem, which is presumably the problem you're ultimately trying to solve here.