Is there an API to decode a memory buffer containing the contents of a captured packet?

["A. Sinan Unur" <sinan () unur com>]

Hello all:

I maintain the Net::Sharktools package for Perl which was a straight
conversion using Armen Babikyan's pyshark (see
<http://seclists.org/wireshark/2010/Nov/62>). The API is simple: There
is a single function, perlshark_read, which takes the name of a
capture file and some options, and then uses Wireshark functions to
process the file offline.

I am wondering if there is a way to add the option of passing a buffer
containing a captured packet (or packets) and have it be decoded by
some Wireshark library routine.

I am not familiar with the internals of Wireshark at all. I have been
digging through the sources for a while and reading the READMEs, but I
am thoroughly lost and would appreciate a pointer if there is a way to
start with the contents of a packet (or packets) in a memory buffer
and and have that decoded by Wireshark with no external files
involved.

My searches of the mailing list archives did not turn up anything
useful probably due to me not using the right terms.

Thank you.

-- Sinan

-- 
A. Sinan Unur
http://www.unur.com/sinan/
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe