On Aug 25, 2008, at 2:51 PM, Martin Corraine (mcorrain) wrote:
> We are using the tshark command to convert the PCAP to text format.

I assume by "convert the PCAP to text format" they mean "convert a
packet's raw data, plus time stamp and length information of the type
you get from libpcap/WinPcap, into a text display similar to what
you'd get from 'tshark -r {file} -V'".

> However, we would want to know if there is a programmatic API to do
> the same conversion as it is very slow every time we get a packet to
> run this system command and perform this conversion.

If by "API" you mean "programming interface that we officially
document and that we aren't going to change in any incompatible
fashion", no, there isn't currently any such API.

One *could* link an application with libwireshark and have it do the
dissection, similar to what Wireshark and TShark (both linked with
libwireshark) do; figuring out how to do that is left as an exercise
for the reader (look at the tshark source code, for hints). Any code
written to do that might have to change with future Wireshark
releases, however.

> We want to do it from one of the applications which is currently
> capturing the packets using JPCAP and wants to convert it to text
> for analysis.

Doing it from Java (as I infer, from the "jpcap", they want to do) is
even more of an exercise for the reader. I presume it would involve
somehow connecting up some code that calls libwireshark with the JVM
using the JNI.