Wireshark · Wireshark-dev: Re: [Wireshark-dev] About Wiretap Library

Wireshark-dev: Re: [Wireshark-dev] About Wiretap Library

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Mon, 26 Apr 2010 14:36:02 -0700

On Apr 26, 2010, at 1:24 PM, p2m p2m wrote:

> I need to capture iSCSI packets (using tshark) and then open the capture files and get the data I need using a dissector to analise it.

Wireshark's capture files are in pcap format, so libpcap/WinPcap can also be used to read the raw packet data.  libpcap/WinPcap are documented, and have a standard stable API for reading capture files, unlike Wiretap, whose API is subject to incompatible change.

Note that libpcap/Winpcap *AND* Wiretap both just give you raw packet data; they do not do *any* dissection.

Follow-Ups:
- Re: [Wireshark-dev] About Wiretap Library
  - From: p2m p2m

References:
- [Wireshark-dev] About Wiretap Library
  - From: p2m p2m
- Re: [Wireshark-dev] About Wiretap Library
  - From: Stephen Fisher
- Re: [Wireshark-dev] About Wiretap Library
  - From: p2m p2m

Prev by Date: [Wireshark-dev] Code Collaborator from SmartBear Software
Next by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Windows-XP-x86
Previous by thread: Re: [Wireshark-dev] About Wiretap Library
Next by thread: Re: [Wireshark-dev] About Wiretap Library
Index(es):
- Date
- Thread