On Dec 3, 2011, at 9:40 AM, Akos Vandra wrote:
> So in order to support a new data source only libpcap should be
> modified?
Ideally, yes.
> I have no experience with it, so I'm not sure how wireshark
> and libpcap are interfaced... Does libpcap offer a list of available
> capture source for wireshark,
Yes - that's pcap_findalldevs().
> so it can use a new capture source
> without any modification to wireshark?
Yes.
> In this case the libpcap developers would be more able to help me get started...
Yes. Join tcpdump-workers@xxxxxxxxxxx:
http://www.tcpdump.org/#mailing-lists
(it's a fairly low-volume list) and ask about it there. Give details of your new packet source, including the OSes on which it should be supported and the link-layer header type (if it's not one of the ones described at
http://www.tcpdump.org/linktypes.html
you'll need a new link-layer header type value no matter *how* it's to be supported in Wireshark).