Wireshark mailing list archives
A custom dumpcap program and driving Wireshark from it
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sat, 26 May 2012 19:17:08 -0700
Hi folks, Following on from my 'experiments' with piping pcap-ng captures into Wireshark, I realized that that is not what I wanted to do. There are cases where one has a packet capture application that would like to pump (or pimp) packet captures into Wireshark. The attached patch allows: 1. A custom dumpcap program to be specified, and 2. For the custom dumpcap program to push pcap or pcap-ng captures at Wireshark at its discretion, with each new capture causing Wireshark to dissect the new capture and display it without exiting and starting up again. Of course the changes have some warts that one would want to get rid of, but it represents an interesting approach to driving Wireshark, it seems to me. My current custom dumpcap progam is a Python program that puts up a list of .cap files in the directory passed in and allows you to pump them into Wireshark one by one ... -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)
Attachment:
wireshark-custom-dumpcap.patch
Description:
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- A custom dumpcap program and driving Wireshark from it Richard Sharpe (May 26)