Wireshark-dev: Re: [Wireshark-dev] Extending wireshark's capture capabilities
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Mon, 17 Sep 2007 20:18:20 +0200
Hi,

Better contact the TCPdump/libpcap mailing list (http://www.tcpdump.org/) and WinPcap (http://www.winpcap.org) mailing list and ask how to get ahead. A DLT_ value could be all you need?

Thanx,
Jaap

Will Barker wrote:
We currently produce PC-based WAN products. These include support for synchronous protocols such as X.25, PPP etc.

We can currently capture frames using our own drivers/applications on Windows and linux, save this information to file (in libpcap format) which can then subsequently be read by wireshark.

While this is useful it would be great if we could achieve the same thing but in real-time.

I assume that this could (technically) be achieved on Windows either by

1) extending winpcap in someway to enable it to capture our frames and pass them up to Wireshark

2) sit alongside winpcap and offer the frames up to wireshark directly ourselves

I assume 2) would require us to produce our own capture driver (NDIS on Windows) which Wireshark would see as a pseudo LAN driver and we could pass our WAN frames up to it using some (libpcap-based?) format or other?

Can anyone point me in the right direction as to how to achieve this? Developing the NDIS driver itself is not a problem since we’ve lots of experience there – the issue is one of interfaces and what is required in that regard in order for us to interface to wireshark as seamlessly as possible.

The next question would then be – how to achieve the same thing on linux?

Thanks

Will