Wireshark mailing list archives
Is there an API to decode a memory buffer containing the contents of a captured packet?
From: "A. Sinan Unur" <sinan () unur com>
Date: Mon, 6 Jun 2011 11:25:15 -0400
Hello all: I maintain the Net::Sharktools package for Perl which was a straight conversion using Armen Babikyan's pyshark (see <http://seclists.org/wireshark/2010/Nov/62>). The API is simple: There is a single function, perlshark_read, which takes the name of a capture file and some options, and then uses Wireshark functions to process the file offline. I am wondering if there is a way to add the option of passing a buffer containing a captured packet (or packets) and have it be decoded by some Wireshark library routine. I am not familiar with the internals of Wireshark at all. I have been digging through the sources for a while and reading the READMEs, but I am thoroughly lost and would appreciate a pointer if there is a way to start with the contents of a packet (or packets) in a memory buffer and and have that decoded by Wireshark with no external files involved. My searches of the mailing list archives did not turn up anything useful probably due to me not using the right terms. Thank you. -- Sinan -- A. Sinan Unur http://www.unur.com/sinan/ ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Is there an API to decode a memory buffer containing the contents of a captured packet? A. Sinan Unur (Jun 06)