Gupta, Pavan wrote:

> I am a newb to wireshark. We want to use Tshark for one of our projects 
> in following way:
> 
>    1. Create a packet file in pcap format.
>    2. Call a function in Tshark giving the pcap file as input.
>    3. Tshark will dissect the contents of pcap file.
>    4. Take the output from Tshark function in form of a buffer and then
>       go on to use that information.
> 
> I would appreciate if someone can answer the following questions:
> 
>    1. Is it possible to create a .so (shared library) for Tshark so that
>       a function giving input in pcap file format could be called from
>       the shared library.

You don't need to create a library from TShark, and you don't want to do 
so.  TShark is designed to be, and intended to be, an application, not a 
library.

However, the TShark application's source code doesn't contain code to 
read capture files and dissect packets.  Instead, it links with two 
libraries that are part of the Wireshark source tree, and that other 
applications, such as Wireshark, use, namely libwiretap, to read capture 
files (in libpcap and other formats), and libwireshark, to dissect packets.

You would want to write your own code to use those routines.

> I have downloaded Wireshark code, but am unable to build it on x86 
> Solaris platform. I tried first running autogen script but it complains 
> of having incorrect automake version.

What does "automake --version" print?  If it doesn't print 1.6 or a 
later value, you need to get a newer version of automake and install it 
if you plan to do anything with Wireshark that would involve changing 
the Makefiles - and, given what you're doing, you *will* be changing the 
Makefiles.

> Are the following steps correct to build Wireshark:
> 
> 1. Execute autogen script
> 
> 2. Run configure
> 
> 3. make

Yes.
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
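
Step 1 of the plan quoted above (creating a packet file in pcap format), as an added example that is not part of the original thread or of the Wireshark source: it writes a classic libpcap file and re-reads it with the length checks a reader should apply. The function names are hypothetical, and the code assumes native byte order, microsecond timestamps, an Ethernet link type, and a constructed sample frame.

```c
#include <stdint.h>
#include <stdio.h>
/* Classic libpcap file: 24-byte header, then per packet a 16-byte record header + bytes. */
struct file_hdr { uint32_t magic; uint16_t vmajor, vminor; int32_t thiszone;
                  uint32_t sigfigs, snaplen, linktype; };
struct rec_hdr  { uint32_t ts_sec, ts_usec, incl_len, orig_len; };
#define PCAP_MAGIC        0xa1b2c3d4u  /* microsecond-resolution timestamps */
#define LINKTYPE_ETHERNET 1u
#define SNAPLEN           65535u

/* Write the file header (format version 2.4). Returns 0 on success. */
int pcap_begin(FILE *f) {
    struct file_hdr h = { PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, LINKTYPE_ETHERNET };
    return fwrite(&h, sizeof h, 1, f) == 1 ? 0 : -1;
}

/* Append one frame; refuses empty frames and frames above the snaplen. */
int pcap_add(FILE *f, uint32_t sec, uint32_t usec, const uint8_t *pkt, uint32_t len) {
    struct rec_hdr r = { sec, usec, len, len };
    if (len == 0 || len > SNAPLEN) return -1;
    if (fwrite(&r, sizeof r, 1, f) != 1) return -1;
    return fwrite(pkt, 1, len, f) == len ? 0 : -1;
}

/* Count records; -1 on bad magic, an implausible length, or truncated packet data. */
long pcap_count(FILE *f) {
    static uint8_t buf[SNAPLEN];
    struct file_hdr h; struct rec_hdr r; long n = 0;
    rewind(f);
    if (fread(&h, sizeof h, 1, f) != 1 || h.magic != PCAP_MAGIC) return -1;
    while (fread(&r, sizeof r, 1, f) == 1) {
        if (r.incl_len > SNAPLEN || r.incl_len > r.orig_len) return -1;
        if (fread(buf, 1, r.incl_len, f) != r.incl_len) return -1;
        n++;
    }
    return n;
}

/* Constructed sample: two copies of a 60-byte broadcast Ethernet frame. */
long demo_roundtrip(void) {
    uint8_t frame[60] = { 0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,1, 0x08,0x06 };
    FILE *f = tmpfile(); long n = -1;
    if (!f) return -1;
    if (pcap_begin(f) == 0 && pcap_add(f, 1, 0, frame, sizeof frame) == 0 &&
        pcap_add(f, 2, 500000, frame, sizeof frame) == 0) n = pcap_count(f);
    fclose(f);
    return n;
}
int main(void) { printf("records: %ld\n", demo_roundtrip()); return 0; }
```

Writing to a named file instead of `tmpfile()` gives a capture that `tshark -r` can read.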
