On Mon, Oct 25, 2010 at 08:45:33AM -0500, Craig Votava wrote:
> My tool is a real-time GUI for analyzing trace output. When the user
> clicks on a message, I want a selected portion of the ASCII tshark
> output (the meat of the message without the IP headers) slapped up in
> a window quickly.

Have you taken a look at rawshark, which comes with Wireshark? I've
never worked with it, but figured that I would let you know it exists in
case it could be helpful. From rawshark.c:

/*
 * Rawshark does the following:
 * - Opens a specified file or named pipe
 * - Applies a specified DLT or "decode as" encapsulation
 * - Reads frames prepended with a libpcap packet header.
 * - Prints a status line, followed by fields from a specified list.
 */
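
The input framing that the rawshark.c comment describes ("frames prepended with a libpcap packet header"), as an added example that is not part of the original message or of Wireshark's code. It assumes the 16-byte record header of four unsigned 32-bit fields in little-endian order; the function names, the size limit and the sample frame are hypothetical.

```python
import struct
from typing import List, Optional, Tuple

# libpcap per-packet header: ts_sec, ts_usec, incl_len, orig_len.
# Four unsigned 32-bit fields (16 bytes); little-endian is assumed here.
REC_HDR = struct.Struct("<IIII")
MAX_FRAME = 262144  # constructed sanity limit for this example

# Constructed sample: Ethernet header (broadcast dst, local src, IPv4) + payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff0200000000010800") + b"payload"


def frame_record(frame: bytes, ts_sec: int, ts_usec: int,
                 orig_len: Optional[int] = None) -> bytes:
    """Prepend a libpcap packet header to one captured frame."""
    if orig_len is None:
        orig_len = len(frame)
    if len(frame) > orig_len:
        raise ValueError("captured length exceeds original length")
    if not 0 <= ts_usec < 1_000_000:
        raise ValueError("microseconds out of range")
    return REC_HDR.pack(ts_sec, ts_usec, len(frame), orig_len) + frame


def read_records(stream: bytes) -> List[Tuple[int, int, int, bytes]]:
    """Split header-prefixed frames into (sec, usec, orig_len, data) tuples.

    Lengths come from the stream itself, so they are validated before use:
    a reader that trusts incl_len blindly can over-read or over-allocate.
    """
    records = []
    off = 0
    while off < len(stream):
        if len(stream) - off < REC_HDR.size:
            raise ValueError("truncated record header")
        sec, usec, incl_len, orig_len = REC_HDR.unpack_from(stream, off)
        off += REC_HDR.size
        if incl_len > MAX_FRAME or incl_len > orig_len:
            raise ValueError("implausible record length")
        if len(stream) - off < incl_len:
            raise ValueError("truncated frame data")
        records.append((sec, usec, orig_len, stream[off:off + incl_len]))
        off += incl_len
    return records


if __name__ == "__main__":
    demo = frame_record(SAMPLE_FRAME, 1288014333, 250000)  # constructed time
    print(read_records(demo))
```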