<p style="border: medium none; margin-top: 0px; margin-bottom: 13px; font-size: 
13px; line-height: 19.8153px; max-width: 700px; font-family: 
sans-serif;">Apologies in advance if this question is a bit long-ish.</p><p 
style="border: medium none; margin-top: 0px; margin-bottom: 13px; font-size: 
13px; line-height: 19.8153px; max-width: 700px; font-family: sans-serif;">I've 
been wondering why Wireshark/tshark doesn't offer the option to export full 
packet dissection data via named pipe (serialized binary data). Is this due to 
design philosophy, lack of offers to write the code, or some other reason? Of 
course, packet dissection data can be written out to stdout or a file in XML 
format. Perhaps this meets most needs?</p><p style="border: medium none; 
margin-top: 0px; margin-bottom: 13px; font-size: 13px; line-height: 19.8153px; 
max-width: 700px; font-family: sans-serif;">Reason for the question is that I 
needed a dissection data export option that was more efficient than XML. My 
solution was to modify tshark so it can leverage Google Protocol Buffers to 
export packet dissection data as serialized binary data. Serialized dissection 
data is written out to a named pipe. Protobuf dissect tree creation, 
serialization, export code is all written in C++ and takes advantage of all the 
optimization work Google has put into its Protobuf library. The client/read 
side of the pipe can be written in any language supported by the Protobuf 
library. I wrote mine in Python. The client reads and parses the serialized 
dissection data (again) using Google Protobuf lib, recreating dissection tree 
data on client side.</p><p style="border: medium none; margin-top: 0px; 
margin-bottom: 13px; font-size: 13px; line-height: 19.8153px; max-width: 700px; 
font-family: sans-serif;">Would it be advantageous to incorporate the above 
Protobuf approach into the Wireshark project or would the community consider it 
unnecessary or perhaps undesirable?</p><p style="border: medium none; 
margin-top: 0px; margin-bottom: 13px; font-size: 13px; line-height: 19.8153px; 
max-width: 700px; font-family: sans-serif;">If you're curious about 
implementation, you can see my project at the following location: <a 
href="https://gitlab.com/MLandriscina/protoShark.git." style="color: rgb(48, 
96, 168);">https://gitlab.com/MLandriscina/protoShark.git.</a> This is the 
first time that I've used Protobuf, so I wouldn't be surprised to discover that 
better implementations are possible.</p>
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev