Wireshark-users: Re: [Wireshark-users] standalone packet dissection

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 2 Jun 2010 16:29:43 -0700
On Jun 2, 2010, at 3:58 PM, Zack Elan wrote:

> Is it possible to call a packet dissector from external code? Specifically, I’d be calling into the SMB/SMB2 dissectors from C#, though I realize I’ll almost certainly have to write some C or C++ glue code to get them talking to each other.

There's no infrastructure whatsoever for calling *individual* dissectors externally.

There are a couple of programs, called "Wireshark" and "TShark", that call library routines to dissect the entire packet. However, the library is somewhat oriented towards the needs of those particular programs.

(I.e., we have a Wireshark library - that's what's in the epan directory in the Wireshark source - and Wireshark and TShark call routines in that library to do dissection.)

> What I’m trying to do is use the Wireshark dissectors as a reference implementation for automated testing of the SMB library my company is developing (we can’t re-use the Wireshark dissector directly, for both legal reasons – we’re a closed-source, commercial product – and technical reasons).

Calling libwireshark routines would amount to re-using them directly, for legal reasons - you cannot make a product out of libwireshark without your product being GPLed.

You would have to, for example, somehow run TShark "at arm's length" as a separate process, hand the packets to it (perhaps over a pipe), and get the dissected output, e.g. in PDML format (perhaps over another pipe).
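
The arm's-length arrangement described in the reply above, sketched in Python as an added example (not from the original post or the Wireshark project): a pcap stream is written to a TShark child process on stdin and the PDML is read back from stdout. The helper names and the trimmed PDML sample are constructed for illustration; `-n`, `-r -` and `-T pdml` are TShark's own options, and a `tshark` binary on the PATH is assumed.

```python
import struct
import subprocess
import xml.etree.ElementTree as ET

# Constructed, heavily trimmed PDML for illustration (not real TShark output).
SAMPLE_PDML = b"""<?xml version="1.0" encoding="utf-8"?>
<pdml>
 <packet>
  <proto name="frame"><field name="frame.len" show="74"/></proto>
  <proto name="smb2">
   <field name="" show="SMB2 Header">
    <field name="smb2.cmd" show="0"/>
    <field name="smb2.msg_id" show="1"/>
   </field>
  </proto>
 </packet>
</pdml>"""

def pcap_bytes(frames, linktype=1):
    """Wrap raw link-layer frames in a classic little-endian pcap stream."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def parse_pdml(pdml):
    """Return one dict per <packet>: protocol name -> {field name: show value}."""
    packets = []
    for pkt in ET.fromstring(pdml).iter("packet"):
        protos = {}
        for proto in pkt.findall("proto"):
            fields = protos.setdefault(proto.get("name"), {})
            for f in proto.iter("field"):   # includes nested fields
                if f.get("name"):           # skip unnamed text-only labels
                    fields.setdefault(f.get("name"), f.get("show"))
        packets.append(protos)
    return packets

def dissect(frames, tshark="tshark", timeout=60):
    """Run TShark as a separate process: pcap in on stdin, PDML out on stdout."""
    argv = [tshark, "-n", "-r", "-", "-T", "pdml"]
    proc = subprocess.run(argv, input=pcap_bytes(frames),
                          capture_output=True, timeout=timeout, check=True)
    return parse_pdml(proc.stdout)

if __name__ == "__main__":
    print(parse_pdml(SAMPLE_PDML))
```

A test harness would call `dissect()` with the frames its own SMB code produced and compare the returned field values against what that code believes it sent.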