Armen,
I might be interested in such a tool. Also, by 'bootstrapping
portion' do you mean the one-time epan structure
initialization/destruction calls as well as the proper init/malloc/
free per-packet calls?
rkm
On Mar 12, 2008, at 5:28 PM, Armen Babikyan wrote:
Hello,
A few months ago, I wrote a tool that lets me use Wireshark's packet dissection capabilities in Matlab, to numerically analyze packets. For example:
b = tshark_read('ws1.pcap', {'frame.number', 'ip.version',
'tcp.seq', 'udp.dstport', 'frame.pkt_len'}, 'ip.version eq 4')
b =
1x14630 struct array with fields:
frame_number
ip_version
tcp_seq
udp_dstport
frame_pkt_len
b(3)
ans =
frame_number: 6
ip_version: 4
tcp_seq: []
udp_dstport: 9618
frame_pkt_len: 1042
With this array of structs, a Matlab programmer could trivially plot
packet fields with respect to time, or whatever.
My code, however, makes use of (among other things) the general bootstrapping portion of libwireshark's API, and I've run into compatibility issues between successive versions of Wireshark that have similar, but not identical, bootstrapping APIs. Does the Wireshark project intend to standardize this part of libwireshark soon?
If the Wireshark project is not intending to standardize libwireshark's API anytime soon, would the developers consider creating #defines for major, minor, and minorminor numbers for the current version of wireshark, so I can create preprocessor directives based on these to account for further changes to the libwireshark API? For example, I'd like something like this:
#define VERSION "0.99.5" // already exists
#define VERSION_MAJOR 0
#define VERSION_MINOR 99
#define VERSION_MINORMINOR 5
Lastly, is the general public interested in this tool?
Let me know your thoughts. Thanks!
Armen
--
Armen Babikyan
MIT Lincoln Laboratory
armenb@xxxxxxxxxx . 781-981-1796
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
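An added example, not Armen's tool or any Wireshark project code: a Python equivalent of the tshark_read call above that builds the tshark -T fields command for the same field list and display filter, then parses the tab-separated output into a list of dicts, where an empty column (tcp.seq on a UDP packet, udp.dstport on a TCP segment) becomes None, matching the empty [] in the Matlab struct. It assumes a tshark whose display-filter option is -Y; the sample output embedded below is constructed, not captured.

```python
import subprocess

# Same field list and display filter as the tshark_read call in the post.
FIELDS = ['frame.number', 'ip.version', 'tcp.seq', 'udp.dstport', 'frame.pkt_len']
FILTER = 'ip.version eq 4'

def tshark_fields_cmd(pcap, fields, display_filter=None):
    """Build a tshark command that prints one packet per line, tab-separated, one column per field."""
    cmd = ['tshark', '-r', pcap, '-T', 'fields', '-E', 'separator=/t', '-E', 'occurrence=f']
    for name in fields:
        cmd += ['-e', name]
    if display_filter:
        cmd += ['-Y', display_filter]   # assumes a tshark that takes -Y for display filters
    return cmd

def coerce(value):
    """Empty column (field absent in this packet) -> None; integers -> int; anything else stays text."""
    if value == '':
        return None
    try:
        return int(value)
    except ValueError:
        return value

def parse_fields_output(text, fields):
    """Turn -T fields output into a list of dicts, one per packet, keyed like the Matlab struct fields."""
    rows = []
    for line in text.splitlines():
        if not line:
            continue
        cols = line.split('\t')
        cols += [''] * (len(fields) - len(cols))   # pad if trailing separators were dropped
        rows.append({name.replace('.', '_'): coerce(val) for name, val in zip(fields, cols)})
    return rows

def column(rows, key):
    """Pull one field out of every packet, the equivalent of [b.frame_pkt_len] in Matlab."""
    return [row[key] for row in rows]

def tshark_read(pcap, fields=FIELDS, display_filter=FILTER):
    """Run tshark and parse its output; needs tshark on PATH and a real capture file."""
    out = subprocess.run(tshark_fields_cmd(pcap, fields, display_filter),
                         check=True, capture_output=True, text=True).stdout
    return parse_fields_output(out, fields)

# Constructed sample of what tshark prints for two packets (not captured output):
# a TCP segment with no UDP port, and a UDP datagram with no TCP sequence number.
SAMPLE_OUTPUT = "1\t4\t0\t\t74\n6\t4\t\t9618\t1042\n"
```

tshark_read('ws1.pcap') reproduces the call from the post against a real capture; parse_fields_output(SAMPLE_OUTPUT, FIELDS) exercises the parser without tshark installed.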