On Mon, Oct 25, 2010 at 08:45:33AM -0500, Craig Votava wrote: > My tool is a real-time GUI for analyzing trace output. When the user > clicks on a message, I want a selected portion of the ASCII tshark > output (the meat of the message without the IP headers) slapped up in > a window quickly.
Have you taken a look at rawshark, which comes with Wireshark? I've never worked with it, but figured that I would let you know it exists in case it could be helpful. From rawshark.c: /* * Rawshark does the following: * - Opens a specified file or named pipe * - Applies a specfied DLT or "decode as" encapsulation * - Reads frames prepended with a libpcap packet header. * - Prints a status line, followed by fields from a specified list. */ ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
