Wireshark mailing list archives

Re: Wireshark GUI filter control from external applications.


From: Hadriel Kaplan <HKaplan () acmepacket com>
Date: Mon, 11 Feb 2013 17:53:01 +0000


Not critiquing your approach, but if you've got a tool that analyzes pcap data for TCP/IP connections/stats, and also 
uses Wireshark, why not just write the tool inside Wireshark? (e.g., as a tap)
Alternatively, if your tool is stand-alone and uses Wireshark only for detailed drill-down on-demand, why not start 
Wireshark with the command line and use the "-R" command-line option to set the display filter?

Otherwise, using sockets/pipes to do it seems reasonable, but you may not need to modify Wireshark's C-code to 
accomplish it - you might be able to use a Wireshark Lua plugin which uses LuaSocket to communicate to your application, 
and have the Lua plugin call set_filter() and apply_filter() to change the display filter.

-hadriel


On Feb 11, 2013, at 5:43 AM, Lee Brooks <lee.brooks.inbox () gmail com> wrote:

Hi,

Thank you for replying.

Sure, firstly for other bespoke network analysis tools that aim to use Wireshark to analyse low level network data (but 
where the main focus of the tool isn't aimed at that level of detail). In comparison to its alternatives Wireshark is 
feature-rich, very customisable and also stable which makes it desirable to hook into from other applications. This 
type of tool ranges from in-house testing tools to other open-source applications.

For myself personally, a colleague and I are hoping to release a lightweight open source tool that provides a 
top-down view on network data. It has already been written, tested and used in anger by others at the company where we 
work. It analyses pcap data then provides statistics on a list of IP conversations between hosts, allowing you to drill 
down into details about the TCP Connections for each conversation. Then from TCP Connections it can drill down into the 
individual packet data where it currently hooks into a prototype-dev version of Wireshark (by changing the filters on 
the GUI). It also provides the ability to script your own data classifications to help identify specific network 
conditions quickly. Our aim is to release it to the open source community within the next few weeks/months.

In my opinion I would rather connect to a Wireshark remote control API than use a bespoke version or re-create the 
wheel.

I think a "GUI remote control" would only need to support "Change GUI Filter" and "Remove GUI Filter" although it has a 
lot more potential too. I have implemented these controls in our prototype-dev version of Wireshark and the source code 
supports it fairly well.

Any help you can offer would be appreciated.

Thanks,

Lee


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
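A sketch of the Lua-plugin route Hadriel suggests, added here as an example (it is not code from Wireshark or from either poster). It assumes LuaSocket is on Wireshark's Lua package path, that the external analysis tool listens on 127.0.0.1:5050 (an assumed port), and that it answers the line `GET-FILTER` with one line holding the display filter, an empty line meaning "Remove GUI Filter".

```lua
-- Added example: Wireshark Lua plugin that fetches a display filter from a
-- local analysis tool over LuaSocket and applies it to the GUI.
-- Assumptions (not from the thread): LuaSocket is on package.path, the tool
-- listens on 127.0.0.1:5050 and replies to "GET-FILTER\n" with one line.
local socket = require("socket")

local TOOL_HOST = "127.0.0.1"   -- loopback only: filter control is never exposed on the network
local TOOL_PORT = 5050          -- assumed port
local MAX_FILTER_LEN = 1024

-- Accept only a plausible display-filter string. Wireshark's filter engine
-- still parses it; this just rejects control characters and oversized input.
local function sane_filter(text)
  if text == nil or #text > MAX_FILTER_LEN then return false end
  return text:find("[%c]") == nil
end

-- Ask the tool for the filter it wants applied; returns text or nil, err.
local function fetch_filter()
  local conn = socket.tcp()
  conn:settimeout(2)            -- never block the GUI thread indefinitely
  local ok, err = conn:connect(TOOL_HOST, TOOL_PORT)
  if not ok then return nil, "connect failed: " .. tostring(err) end
  conn:send("GET-FILTER\n")
  local line, rerr = conn:receive("*l")
  conn:close()
  if line == nil then return nil, "receive failed: " .. tostring(rerr) end
  return line
end

local function remote_filter()
  local text, err = fetch_filter()
  if text == nil then
    report_failure(err)
    return
  end
  if not sane_filter(text) then
    report_failure("rejected filter from tool: not a printable single-line string")
    return
  end
  -- An empty line is "Remove GUI Filter": set_filter("") shows all packets again.
  set_filter(text)
  apply_filter()
end

-- Only the GUI (not tshark) can set and apply display filters.
if gui_enabled() then
  register_menu("Remote filter/Fetch from analysis tool", remote_filter, MENU_TOOLS_UNSORTED)
end
```

Triggering the fetch from a menu item keeps the plugin free of a blocking accept loop on the GUI thread; a tool that needs to push filters instead would have the plugin poll a non-blocking listening socket from the same callback.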
