Is There An Api For Wireshark, To Develop Programs/plugins That Interact With It/enhance It?
Solution 1:
I use pypcap to read packets and dpkt to parse.
For example, to use dpkt to read packets from a saved pcap:
import socket
import dpkt
importsyspcapReader= dpkt.pcap.Reader(file(sys.argv[1], "rb"))
for ts, data in pcapReader:
ether = dpkt.ethernet.Ethernet(data)
if ether.type != dpkt.ethernet.ETH_TYPE_IP: raiseip= ether.datasrc= socket.inet_ntoa(ip.src)
dst = socket.inet_ntoa(ip.dst)
print "%s -> %s" % (src, dst)
To grab frames off the wire with pypcap:
importpcappc= pcap.pcapObject()
dev = sys.argv[1]
pc.open_live(dev, 1600, 0, 100)
pc.setfilter("udp port 53", 0, 0)
while1:
pc.dispatch(1, p.pcap_dispatch)
Of course, the two can be used together: (ripped from pypcap's homepage)
>>>import dpkt, pcap>>>pc = pcap.pcap()>>>pc.setfilter('icmp')>>>for ts, pkt in pc:...print `dpkt.ethernet.Ethernet(pkt)`Good luck!
Solution 2:
tshark provides a CLI to much of Wireshark's functionality, if you are looking to harness Wireshark's protocol analyzers and data manipulation capabilities.
If you wanted to do some digging into Wireshark's source code, it has several C libraries that may be of use, particularly wiretap and epan. Examples of its use can be found in the tshark source. You have to erect quite a bit of scaffolding to use the libraries, however.
If you are looking to develop plugins, this page may hold some answers for you.
Solution 3:
Try the lua scripting that they've got in the newer versions of wireshark.. you can write custom dissectors (for your own protocols and so on).
Solution 4:
c++ well could not find one.. but here is the wireshark documentation of Python support..! http://wiki.wireshark.org/Python
Solution 5:
I wasn't able to find any information indicating that to be possible in the developer's guide. So that seems indicate "no".
Post a Comment for "Is There An Api For Wireshark, To Develop Programs/plugins That Interact With It/enhance It?"