Hello developers, I'm planning to develop a feature for two use cases. I'd like to control (or better, select) the currently displayed packet from another process. I don't think Wireshark currently offers such a feature, so I'd like to get ideas on how I should implement this. Let me first describe what I'd like to do.
I often have multiple capture files made at different points in the network and I want to track certain packets as they showed up in the capture files. I can start multiple Wireshark processes and load a capture file into each of them. Now I want to add a "fingerprint" to each packet, probably in the packet_info structure. The different dissectors can then calculate a fingerprint of the payload and set the fingerprint variable. Of course the idea is that my multiple Wireshark processes with the multiple capture files will see the same packets and the dissectors will calculate the same fingerprints. When I now select a packet in one of the Wiresharks I can ask that Wireshark to send a "goto request" to any other running Wireshark. The goto request will include the fingerprint of the current packet. When a Wireshark receives such a goto request it will check if it knows about a packet with such a fingerprint and then goes to that packet.

The second use case is correlating capture files with log files (webserver, syslog). The log files usually contain timestamp information (only with second precision, but better than nothing). I want to write a log file viewer which calculates the Unix timestamp for every line. If I select a line in my log file viewer it sends a "goto request" to all running Wiresharks. Here the goto request contains the Unix timestamp and Wireshark will go to the first packet >= the timestamp. The idea is that I can select an interesting point in time in my log file and see packets from that time in Wireshark.

Both use cases involve a sender and multiple receiver scenario. I don't need to send these requests to a different computer, so a local message bus is sufficient. In the KDE and Gnome world http://www.freedesktop.org/wiki/Software/dbus would be a natural choice, but I don't think that Wireshark uses dbus on Windows or OS X.
So I'd like to get opinions on what kind of inter-process communication technology I should use that will work on Windows, OS X and the Linux/BSD world. Has someone started such a project? Would we prefer a certain existing protocol/library? I could also think about simply using a multicast socket and sending messages across. This would, without further effort, allow Wireshark control from different hosts.

--
---> Dirk Jagdmann
----> http://cubic.org/~doj
-----> http://llg.cubic.org

Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
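To make the two use cases concrete, here is an added example (not Dirk's code and not part of Wireshark) of a minimal "goto request" protocol and the receiver-side lookup that both use cases need: a fingerprint request resolves to the first packet whose fingerprint matches, and a timestamp request resolves to the first packet at or after the timestamp. Everything below is assumed for illustration: the JSON message shape, SHA-256 as the stand-in for the dissector-level fingerprint that would live in packet_info, UDP on the loopback interface as the local message bus, and the port number 31337. The receiver binds to 127.0.0.1 rather than a multicast group, bounds the datagram size it will parse, and accepts only the two request kinds, so a stray or crafted message from the network cannot drive the display.

```python
"""Added example, not Dirk's or Wireshark's code: a loopback "goto request"
bus and the lookup a receiving Wireshark would perform. All names, the JSON
format, the SHA-256 fingerprint and the port are assumptions of this example."""
import bisect
import hashlib
import json
import socket
import threading
from dataclasses import dataclass
from typing import Optional

GOTO_PORT = 31337        # assumed port; nothing in the post fixes one
MAX_REQUEST_BYTES = 512  # bound on the datagram size we are willing to parse


@dataclass(frozen=True)
class PacketRecord:
    number: int        # packet number in the capture file
    timestamp: float   # Unix epoch seconds (float keeps sub-second precision)
    fingerprint: str   # hex fingerprint a dissector would store in packet_info


def fingerprint_payload(payload: bytes) -> str:
    """Stand-in for the per-dissector fingerprint: SHA-256 of the payload."""
    return hashlib.sha256(payload).hexdigest()


def encode_goto(kind: str, value) -> bytes:
    """Sender side: build a goto request of kind 'fingerprint' or 'timestamp'."""
    if kind not in ("fingerprint", "timestamp"):
        raise ValueError("unknown goto kind")
    return json.dumps({"goto": kind, "value": value}).encode()


def decode_goto(data: bytes) -> dict:
    """Receiver side: parse a request and reject anything outside the two kinds."""
    if len(data) > MAX_REQUEST_BYTES:
        raise ValueError("request too large")
    msg = json.loads(data.decode("utf-8"))
    kind, value = msg.get("goto"), msg.get("value")
    if kind == "fingerprint" and isinstance(value, str) and len(value) == 64:
        return {"goto": kind, "value": value.lower()}
    # bool is a subclass of int in Python, so JSON true/false must be excluded
    if kind == "timestamp" and isinstance(value, (int, float)) and not isinstance(value, bool):
        return {"goto": kind, "value": float(value)}
    raise ValueError("malformed goto request")


class CaptureIndex:
    """Index over one capture file's packets, built once per loaded file."""

    def __init__(self, records):
        self.records = sorted(records, key=lambda r: r.timestamp)
        self.timestamps = [r.timestamp for r in self.records]
        self.by_fingerprint = {}
        for r in self.records:
            self.by_fingerprint.setdefault(r.fingerprint, r.number)  # first hit wins

    def select(self, request: dict) -> Optional[int]:
        """Packet number to jump to, or None when the capture has no match."""
        if request["goto"] == "fingerprint":
            return self.by_fingerprint.get(request["value"])
        idx = bisect.bisect_left(self.timestamps, request["value"])  # first ts >= value
        return self.records[idx].number if idx < len(self.records) else None


def send_goto(data: bytes, port: int = GOTO_PORT) -> None:
    """One datagram to the local host only; no multicast, so no remote control."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, ("127.0.0.1", port))


def serve_one(index: CaptureIndex, port: int = GOTO_PORT, timeout: float = 2.0,
              ready: Optional[threading.Event] = None) -> Optional[int]:
    """Accept a single request on loopback and resolve it against the index."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("127.0.0.1", port))
        if ready:
            ready.set()
        data, _ = s.recvfrom(MAX_REQUEST_BYTES + 1)
        return index.select(decode_goto(data))


# Constructed sample capture: three packets of one HTTP exchange.
SAMPLE_RECORDS = [
    PacketRecord(1, 1700000000.10, fingerprint_payload(b"GET / HTTP/1.1")),
    PacketRecord(2, 1700000001.25, fingerprint_payload(b"HTTP/1.1 200 OK")),
    PacketRecord(3, 1700000002.50, fingerprint_payload(b"GET /login HTTP/1.1")),
]

if __name__ == "__main__":
    index = CaptureIndex(SAMPLE_RECORDS)
    results, ready = [], threading.Event()
    t = threading.Thread(target=lambda: results.append(serve_one(index, ready=ready)))
    t.start()
    ready.wait()
    send_goto(encode_goto("timestamp", 1700000001))  # a log line stamped 1700000001
    t.join()
    print("goto packet", results[0])  # 2: first packet at or after the timestamp
```

Running the file plays one exchange on loopback: the receiver thread binds, the sender emits a timestamp request for second 1700000001, and the receiver resolves it to packet 2. A real receiver would loop on recvfrom and hand the packet number to the GUI; the lookup itself is the same.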