Right now, the code will be public domain due to U.S. Government law
since only government employees will be working on the software. The
problem is that we are also trying to look to the future when we open up
the development to other industry experts.

We would like to find an elegant solution to use the Wireshark
dissectors without having to link in the libraries, if possible. We are
totally redesigning some software that previously used a Tshark
interface. This was clunky and a very brute-force method. It started a
Windows process, scripted a line in Tshark, collected the standard
output, then had to perform text processing on the output to determine
the results. The text processing was very cumbersome and led to all
sorts of data errors and sometimes overflow crashes.

What I am looking for is a way to filter a capture file
for specific packets and then pull particular pieces of data out of
those packets. The data that I need to pull out is not always what is
displayed in the "single-line" packet display that Wireshark and Tshark
display. Most of the data we need is only displayed in the full packet
view. I've tried to use Wireshark/TShark to convert these files to
PDML, but then they explode to multiple hundreds of megabytes. I have
not found a good way to process these large files.

My project involves doing performance analysis on industrial Ethernet
devices. Right now, I am working on cyclic jitter analysis of the
EtherNet/IP protocol (CIP and ENIP). I am using a commercial network
analyzer to collect the data, then I post-process the data in Tshark and
some custom software. I would like to eliminate the Tshark step because
of the reasons I described above. I would like to find a way under
Windows to connect to Wireshark via a socket interface (or Tshark if
absolutely necessary) that could maintain the binary nature of the data
and allow me access to the specific data I need.

-- Jim

Joerg Mayer wrote:
> On Wed, Mar 05, 2008 at 01:11:19PM -0500, James Gilsinn wrote:
>> I am working on a software package and would like to use the Wireshark
>> packet dissectors instead of writing my own. I am a U.S. Government
>> employee, so any code that I write is public domain and not subject to
>> the GPL. I am trying to find out if there is a way to interface to
>> Wireshark without having to compile the Wireshark libraries into my
>> software. I would like to avoid the licensing issues of GPL vs. public
>> domain vs. company proprietary software that may arise as part of the
>> project I'm involved in.
>
> Actually: If your program is in the public domain, then it should be
> possible to link against the Wireshark sources. The resulting binaries
> would be covered by the GPL but the sources could remain in the PD
> (if it really is PD - I'd need to see the license of course).
>
> ciao
> Joerg

--
~ James D. Gilsinn ~ Phone: 301-975-3865 ~
~ Electronics Engineer ~ Cell: 301-706-9985 ~
~ NIST, Manufacturing Eng. Lab ~ Fax: 301-990-9688 ~
~ 100 Bureau Drive, Stop 8230 ~ Email: james.gilsinn@xxxxxxxx ~
~ Gaithersburg, MD 20899-8230 USA ~ Web: http://www.isd.mel.nist.gov/ ~
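
The message above says PDML exports grow to hundreds of megabytes and are hard to process. The following is an added example, not code from the post or from the Wireshark project: it reads PDML as a stream, keeps only the requested fields, and computes per-connection cycle intervals without holding the file in memory or scraping text output. The sample data is constructed, and the field name `enip.cpf.sai.connid` is an assumption to check against the dissector output of your Wireshark version.

```python
import statistics
import xml.etree.ElementTree as ET

# Constructed PDML sample (not from the post): four cyclic packets on one
# connection plus one unrelated packet that lacks the connection field.
def _pkt(t, conn=None):
    extra = (f'<proto name="enip"><field name="enip.cpf.sai.connid" '
             f'show="{conn}"/></proto>') if conn else ""
    return (f'<packet><proto name="frame"><field name="frame.time_relative" '
            f'show="{t}"/></proto>{extra}</packet>')

SAMPLE_PDML = ("<pdml>" + _pkt("0.000000", "0x1") + _pkt("0.010000", "0x1")
               + _pkt("0.015000") + _pkt("0.021000", "0x1")
               + _pkt("0.030000", "0x1") + "</pdml>").encode()

def iter_packets(source, wanted):
    """Yield {field name: show value} for each <packet>, one packet at a time."""
    context = ET.iterparse(source, events=("start", "end"))
    _, root = next(context)                  # first event is the <pdml> root
    for event, elem in context:
        if event == "end" and elem.tag == "packet":
            row = {}
            for field in elem.iter("field"):
                name = field.get("name")
                if name in wanted and name not in row:
                    row[name] = field.get("show")
            yield row
            root.clear()                     # free the finished packet

def cyclic_jitter(source, time_field="frame.time_relative",
                  key_field="enip.cpf.sai.connid"):
    """Return {connection: (mean interval, max deviation from mean)} in seconds."""
    last, intervals = {}, {}
    for row in iter_packets(source, {time_field, key_field}):
        if time_field not in row or key_field not in row:
            continue                         # not a cyclic packet; skip it
        t, key = float(row[time_field]), row[key_field]
        if key in last:
            intervals.setdefault(key, []).append(t - last[key])
        last[key] = t
    result = {}
    for key, deltas in intervals.items():
        mean = statistics.mean(deltas)
        result[key] = (mean, max(abs(d - mean) for d in deltas))
    return result

if __name__ == "__main__":
    import io
    print(cyclic_jitter(io.BytesIO(SAMPLE_PDML)))
```

`iter_packets` accepts a file name or any binary file object, so a real export can be passed by path.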