Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-12-03 Thread Tim Furlong
Harris [mailto:g...@alum.mit.edu] > Sent: Saturday, 28 November 2015 4:54 AM > To: Developer support list for Wireshark <wireshark-dev@wireshark.org> > Cc: Richard Kinder <rkin...@quantenna.com> > Subject: Re: [Wireshark-dev] wiretap - using as a library rather than > coup

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-12-03 Thread Guy Harris
On Dec 3, 2015, at 7:29 AM, Tim Furlong wrote: > One of the biggest challenges you'll face in this is that the code to parse > radiotap is in epan/dissectors and gets compiled into libwireshark; you won't > want to pull libwireshark in to editcap (it'd kind of defeat

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-12-03 Thread Richard Kinder
To: Developer support list for Wireshark <wireshark-dev@wireshark.org> Subject: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark? Hi Richard, Sorry for the delay in getting back to you - and I wish I had more time to look into it before responding, but th

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-12-03 Thread Richard Kinder
t list for Wireshark <wireshark-dev@wireshark.org> Subject: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark? On Dec 3, 2015, at 7:29 AM, Tim Furlong <dev.null.2...@gmail.com> wrote: > One of the biggest challenges you'll face in this is that the code

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-12-03 Thread Guy Harris
On Dec 3, 2015, at 2:53 PM, Richard Kinder wrote: > From what I can see, peektagged has no TSF timestamp The "Peek tagged" format (to use WildPackets^WSavvius's name for it) *does* support TSF time stamps; whether a given capture will have them is another matter. >

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-12-03 Thread Guy Harris
On Dec 3, 2015, at 2:02 PM, Richard Kinder wrote: > and I get something which is pcap + RT. I’m pushing the packet timestamp from > the airopeek capture into the tsfts RT field, "RT" as in "radiotap"? If so, the packet timestamp should not be used as the TSF timestamp

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-12-03 Thread Richard Kinder
list for Wireshark <wireshark-dev@wireshark.org> Subject: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark? On Dec 3, 2015, at 2:02 PM, Richard Kinder <rkin...@quantenna.com> wrote: > and I get something which is pcap + RT. I’m pushing the packet

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-12-03 Thread Richard Kinder
cember 2015 9:28 AM To: Developer support list for Wireshark <wireshark-dev@wireshark.org> Subject: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark? On Dec 3, 2015, at 2:02 PM, Richard Kinder <rkin...@quantenna.com> wrote: > and I get something wh

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-12-03 Thread Guy Harris
On Dec 3, 2015, at 3:12 PM, Guy Harris wrote: > On Dec 3, 2015, at 2:53 PM, Richard Kinder wrote: > >> From what I can see, peektagged has no TSF timestamp > > The "Peek tagged" format (to use WildPackets^WSavvius's name for it) *does* > support TSF

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-12-03 Thread Richard Kinder
dev@wireshark.org> Subject: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark? On Dec 3, 2015, at 3:12 PM, Guy Harris <g...@alum.mit.edu> wrote: > On Dec 3, 2015, at 2:53 PM, Richard Kinder <rkin...@quantenna.com> wrote: > >> From what I

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-11-30 Thread Richard Kinder
<rkin...@quantenna.com> Subject: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark? On Nov 27, 2015, at 7:09 AM, Tim Furlong <dev.null.2...@gmail.com> wrote: > Sorry if I'm just missing something, but would editcap itself do the job? > > edi

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-11-27 Thread Guy Harris
On Nov 27, 2015, at 7:09 AM, Tim Furlong wrote: > Sorry if I'm just missing something, but would editcap itself do the job? > > editcap > > should read your Wildpackets file and produce a pcapng file; add a "-F pcap" > for pcap format instead. ...as long as it's

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-11-27 Thread Dario Lombardo
The scenario I was figuring out was to have a software that wants to leverage the libwiretap features. The user could build wiretap in the original wireshark dir, as normal. Then it could compile/link the new software against the compiled lib. That implies a process made by hand and not

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-11-27 Thread Bálint Réczey
Hi Dario, You did not write the platforms you want to support, but in case it is just Ubuntu/Debian there are pre built wiretap headers and library for your consumption :-): https://packages.debian.org/unstable/libwiretap-dev If releasing the new software under GPL2+ we can integrate it to

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-11-27 Thread Bálint Réczey
2015-11-27 9:45 GMT+01:00 Bálint Réczey : > Hi Dario, > > You did not write the platforms you want to support, but in case it is just > Ubuntu/Debian there are pre built wiretap headers and library for your > consumption :-): >

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-11-26 Thread Guy Harris
On Nov 25, 2015, at 9:30 PM, Richard Kinder wrote: > I’m looking at making a small tool to translate .pkt files (Wildpackets, > specifically the wireless traces) to pcap/pcapng format on the command line, > and it seems wiretap is one of the few options available

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-11-26 Thread Richard Kinder
<wireshark-dev@wireshark.org> Subject: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark? On Nov 25, 2015, at 9:30 PM, Richard Kinder <rkin...@quantenna.com> wrote: > I’m looking at making a small tool to translate .pkt files (Wildpackets,

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-11-26 Thread Dario Lombardo
On Thu, Nov 26, 2015 at 9:41 AM, Guy Harris wrote: > > It can't be, and probably will never be able to be, built independently of > the "Wireshark utilities" library, the source to which is in the wsutil > directory. > Provided that this is not a published lib, that has an

Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-11-26 Thread Guy Harris
On Nov 26, 2015, at 1:18 AM, Dario Lombardo wrote: > Provided that this is not a published lib, that has an unstable interface, > that... whatever constraint you can figure out, I think that it could be used > "as-is". To achieve that wouldn't be enough to add the

[Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

2015-11-25 Thread Richard Kinder
Hi all, I'm looking at making a small tool to translate .pkt files (Wildpackets, specifically the wireless traces) to pcap/pcapng format on the command line, and it seems wiretap is one of the few options available online. Question: Can the library be built independently of Wireshark? Thanks