Wireshark-dev: Re: [Wireshark-dev] Embedding external program into wireshark menu
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Roland Knall <rknall@xxxxxxxxx>
Date: Thu, 14 Jul 2016 13:42:46 +0200
Hi

In principal there exists an interface called extcap, which allows it to implement separate utilities as capture interfaces. See sshdump or androiddump for example. Those interfaces then will create the pcap trace and wireshark can utilize them, as if they where a network card or similar.

For creating entries in the Wireshark toolbar, you will have to create a separate utility, which utilizes the plugin_if (see epan/plugin_if.h) interface. With that you can add a completely independant utility to Wireshark, which for example could present a graphical representation for a tap interface, or similar. It is currently not possible to start or stop a capture using this interface, but such methods could be easily implemented, similar to the configuration and frame jump features already present.

regards,
Roland

On Thu, Jul 14, 2016 at 4:44 AM, Raj <rajesh.awake@xxxxxxxxx> wrote:

Hello friends,

We have a packet capturing application product. we have developed a tool in which we first get the captured packet data ( pcap file based on metadata information provided in query) and provided a button on the GUI of the tool to open the retrieved packet data (pcap file) in wireshark analyzer.

Now we want to incorporate this tool directly inside the wireshark analyzer. i.e. Sent from my iPhone kind of plugin or can embed in one of the existing menu like Tools -> (parallel to Lua menu).

From the new plugin expected to be developed, when the user clicks the menu for our product, then the original tool ( windows msi app) should be invoked and when the user inputs the metadata for query and gets the pcap as a result, and should then open in the wireshark automatically.

I am new to wireshark open source project. and not sure where to start from. in first place whether this is possible or not. Could you please confirm if this is possible and how?

Thanks & Regards,

~Rajesh




--
Thanks & Regards,
~Rajesh


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe