Hi all,
I've been using open source packet processing python packages to examine network captures but they all have their limitations: The most significant issue is that each protocol has to be implemented which is quite tedious. Other problems include performance (pure python implementations are easy to code but slower to execute) and reliability (less used or complex protocols often contain bugs).
I've looked into several solutions including scapy (not all protocols supported) and pyshark, a wrapper for the output of "tshark -T pdml" (too slow for sparse field / packet access).
To get the best of both, I created a SWIG wrapper of the wireshark dissectors based on tshark which can be used to access a specific member in the protocol tree. The module is in CR here:
https://code.wireshark.org/review/21520
Looking forward to hearing your suggestions & comments,
Guy Dolinsky
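As an added example (not the author's SWIG wrapper and not pyshark's code), here is the approach pyshark wraps: parsing the XML that `tshark -T pdml` emits to pull a few named fields out of each packet. The PDML document below is constructed to match the shape of tshark's output; the streaming parse keeps one packet subtree in memory at a time, which also shows why the full protocol tree is a heavy way to fetch two fields per packet.

```python
import xml.etree.ElementTree as ET
from io import BytesIO

# Constructed PDML sample in the shape of "tshark -T pdml" output, trimmed to a few fields.
SAMPLE_PDML = b"""<?xml version="1.0" encoding="utf-8"?>
<pdml version="0" creator="wireshark/2.2.0">
<packet>
  <proto name="frame" showname="Frame 1" size="74" pos="0"/>
  <proto name="ip" showname="Internet Protocol Version 4" size="20" pos="14">
    <field name="ip.src" showname="Source: 10.0.0.5" size="4" pos="26" show="10.0.0.5" value="0a000005"/>
    <field name="ip.dst" showname="Destination: 10.0.0.9" size="4" pos="30" show="10.0.0.9" value="0a000009"/>
  </proto>
  <proto name="tcp" showname="Transmission Control Protocol" size="40" pos="34">
    <field name="tcp.dstport" showname="Destination Port: 22" size="2" pos="36" show="22" value="0016"/>
  </proto>
</packet>
<packet>
  <proto name="frame" showname="Frame 2" size="60" pos="0"/>
  <proto name="ip" showname="Internet Protocol Version 4" size="20" pos="14">
    <field name="ip.src" showname="Source: 10.0.0.9" size="4" pos="26" show="10.0.0.9" value="0a000009"/>
    <field name="ip.dst" showname="Destination: 10.0.0.5" size="4" pos="30" show="10.0.0.5" value="0a000005"/>
  </proto>
  <proto name="udp" showname="User Datagram Protocol" size="8" pos="34">
    <field name="udp.dstport" showname="Destination Port: 53" size="2" pos="36" show="53" value="0035"/>
  </proto>
</packet>
</pdml>
"""


def iter_fields(pdml_stream, wanted):
    """Stream a PDML document and yield, per <packet>, a dict mapping the
    requested field names to their 'show' values. Fields absent from a
    packet are simply missing from that packet's dict. Only one packet
    subtree is held in memory at a time; it is cleared after use."""
    wanted = set(wanted)
    for _event, elem in ET.iterparse(pdml_stream, events=("end",)):
        if elem.tag != "packet":
            continue
        found = {}
        for field in elem.iter("field"):  # walks nested <field> elements too
            name = field.get("name")
            if name in wanted and name not in found:  # keep first occurrence
                found[name] = field.get("show")
        elem.clear()  # drop the whole packet subtree before moving on
        yield found


def extract(pdml_bytes, wanted):
    """Convenience wrapper: parse an in-memory PDML document to a list of dicts."""
    return list(iter_fields(BytesIO(pdml_bytes), wanted))
```

For a real capture, pass the stdout pipe of `tshark -r capture.pcap -T pdml` to `iter_fields` instead of a BytesIO.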