Gupta, Pavan wrote:
> I am a newb to wireshark. We want to use Tshark for one of our projects
> in the following way:
> 1. Create a packet file in pcap format.
> 2. Call a function in Tshark giving the pcap file as input.
> 3. Tshark will dissect the contents of the pcap file.
> 4. Take the output from the Tshark function in the form of a buffer and then
> go on to use that information.
> I would appreciate it if someone can answer the following questions:
> 1. Is it possible to create a .so (shared library) for Tshark so that
> a function giving input in pcap file format could be called from
> the shared library?
You don't need to create a library from TShark, and you don't want to do
so. TShark is designed to be, and intended to be, an application, not a
library.
However, the TShark application's source code doesn't contain code to
read capture files and dissect packets. Instead, it links with two
libraries that are part of the Wireshark source tree, and that other
applications, such as Wireshark, use, namely libwiretap, to read capture
files (in libpcap and other formats), and libwireshark, to dissect packets.
You would want to write your own code to use those routines.
> I have downloaded the Wireshark code, but am unable to build it on the x86
> Solaris platform. I tried first running the autogen script, but it complains
> about an incorrect automake version.
What does "automake --version" print? If it doesn't print 1.6 or a
later value, you need to get a newer version of automake and install it
if you plan to do anything with Wireshark that would involve changing
the Makefiles - and, given what you're doing, you *will* be changing the
Makefiles.
> Are the following steps correct to build Wireshark:
> 1. Execute autogen script
> 2. Run configure
> 3. make
Yes.
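Added example (not part of this thread, and not a script from the Wireshark tree): a POSIX shell script that performs the automake check from the reply above before running the three build steps. It parses the first line of `automake --version`, refuses to continue unless the version is 1.6 or later, and only then runs autogen, configure and make. The script name `autogen.sh` at the top of the source tree and the `--build` flag are assumptions; the sample `automake --version` output in the comment is constructed.

```shell
#!/bin/sh
# Example, not Wireshark's own build script: gate autogen/configure/make on
# the automake version, as the reply above recommends (1.6 or later).

# Print the version token (e.g. "1.9.6") from the text of `automake --version`.
# Constructed sample of such output:
#   automake (GNU automake) 1.9.6
#   Written by Tom Tromey <tromey@redhat.com>
# Only the first line is inspected; the first word that looks like X.Y is taken.
parse_automake_version() {
    first_line=$(printf '%s\n' "$1" | sed -n '1p')
    for word in $first_line; do
        case "$word" in
            [0-9]*.[0-9]*) printf '%s\n' "$word"; return 0 ;;
        esac
    done
    return 1
}

# Return 0 (success) if version "$1" is 1.6 or later, 1 otherwise.
# Compares major.minor numerically, so 1.10 correctly sorts after 1.6.
automake_version_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    # Keep only the leading digits (handles suffixes such as "4-p6").
    major=${major%%[!0-9]*}
    minor=${minor%%[!0-9]*}
    [ "${major:-0}" -gt 1 ] || { [ "${major:-0}" -eq 1 ] && [ "${minor:-0}" -ge 6 ]; }
}

# Run the three build steps from the thread, but only after the check passes.
# Assumes the current directory is the top of a Wireshark source tree and that
# the autogen script is named autogen.sh (assumption).
build_wireshark() {
    version=$(parse_automake_version "$(automake --version 2>/dev/null)") || {
        echo "automake not found on PATH" >&2
        return 1
    }
    automake_version_ok "$version" || {
        echo "automake $version is too old; Wireshark needs 1.6 or later" >&2
        return 1
    }
    echo "automake $version is new enough; building"
    ./autogen.sh && ./configure && make
}

# Only build when explicitly asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--build" ]; then
    build_wireshark
fi
```

Usage: copy the script into the top of the source tree and run `sh check_automake.sh --build`; without `--build` it only defines the functions.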