Basically you want to use the dissection engine, without any *shark program. You could try out sharkd, or implement your program as an extcap application, which in turn will be used by any *shark program to collect the data.
The exact usecase cannot be achieved this way, but our engine was never designed to support such a usecase in any way. You can utilize our internal utilities of course, but there is no guarantee that it will stay compatible and most likely will break with every new version we release, leading to you constantly having to adapt your code.
kind regards
Roland
Am Fr., 15. Apr. 2022 um 22:44 Uhr schrieb Benjamin Mixon-Baca <
bmixonba@xxxxxxx>:
Hello,
I have a use-case where one program sniffs traffic, extracts the payload, and processes it. I want to be able to identify the protocol in use using the protocol dissectors but I don't want to write the packets to a file. A few possibilities I've considered are
1. Use epan (I believe) in my own code to perform the parsing/identification.
2. Write the packet to a socket that tshark is listening to and get the protocol information using IPC.
Any suggestions or advice on this front is greatly appreciated.
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe