Question

Closed. This question is seeking recommendations for books, tools, software libraries, and more. It does not meet Stack Overflow guidelines. It is not currently accepting answers.

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 5 years ago.

Improve this question

Googling didn t give me great results. Is there any sort of API for Wireshark that abstracts away from the main source code so we can develop programs that interact with it and deal with the data it provides?

edit: I appreciate the suggestions for different ways to receive packets, but I want to implement packet injection into Wireshark. Sniffing will be an important part of my project, however I m not sure that the suggested solution allows for packet injection.

Answer 1

I use pypcap to read packets and dpkt to parse.

For example, to use dpkt to read packets from a saved pcap:

import socket
import dpkt
import sys
pcapReader = dpkt.pcap.Reader(file(sys.argv[1], "rb"))
for ts, data in pcapReader:
    ether = dpkt.ethernet.Ethernet(data)
    if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
    ip = ether.data
    src = socket.inet_ntoa(ip.src)
    dst = socket.inet_ntoa(ip.dst)
    print "%s -> %s" % (src, dst)

To grab frames off the wire with pypcap:

    import pcap
    pc = pcap.pcapObject()
    dev = sys.argv[1]
    pc.open_live(dev, 1600, 0, 100)
    pc.setfilter("udp port 53", 0, 0)
    while 1:
        pc.dispatch(1, p.pcap_dispatch)

Of course, the two can be used together: (ripped from pypcap s homepage)

>>> import dpkt, pcap
>>> pc = pcap.pcap()
>>> pc.setfilter( icmp )
>>> for ts, pkt in pc:
...     print `dpkt.ethernet.Ethernet(pkt)`

Good luck!

Answer 2

tshark provides a CLI to much of Wireshark s functionality, if you are looking to harness Wireshark s protocol analyzers and data manipulation capabilities.

If you wanted to do some digging into Wireshark s source code, it has several C libraries that may be of use, particularly wiretap and epan. Examples of its use can be found in the tshark source. You have to erect quite a bit of scaffolding to use the libraries, however.

If you are looking to develop plugins, this page may hold some answers for you.

Answer 3

Try the lua scripting that they ve got in the newer versions of wireshark.. you can write custom dissectors (for your own protocols and so on).

http://wiki.wireshark.org/Lua

Answer 4

c++ well could not find one.. but here is the wireshark documentation of Python support..! http://wiki.wireshark.org/Python

Answer 5

I wasn t able to find any information indicating that to be possible in the developer s guide. So that seems indicate "no".

Answer 6

Since there s at least one that makes commercial products that integrate somewhat with wireshark , it has to be possible. It seems the immediate integration point is with the data it produces according to wikipedia, Wireshark uses libpcap. A quick google search reveals that there are several options

Scapy actually looks kind of interesting, though it doesn t really do anything to interact with wireshark, but you can capture packets with it.

Answer 7

wireshark uses libpcap, this library abstracts away platform differences in packet sniffing and provides a format for data files. that s how I d inject packets into wireshark.

友情链接