Did you take a look at tshark's -T parameter? "tshark -T jsonraw", for instance, delivers full dissection in JSON format. What would be needed is only to shove that into a pipe to capture from some other place.

Cheers
Roland

On Tue, Jul 11, 2017 at 2:48 PM, Mark Landriscina <[email protected]> wrote:

> Apologies in advance if this question is a bit long-ish.
>
> I've been wondering why Wireshark/tshark doesn't offer the option to export full packet dissection data via named pipe (serialized binary data). Is this due to design philosophy, lack of offers to write the code, or some other reason? Of course, packet dissection data can be written out to stdout or a file in xml format. Perhaps this meets most needs?
>
> Reason for the question is that I needed a dissection data export option that was more efficient than xml. My solution was to modify tshark so it can leverage Google Protocol Buffers to export packet dissection data as serialized binary data. Serialized dissection data is written out to a named pipe. Protobuf dissect tree creation, serialization, export code is all written in C++ and takes advantage of all the optimization work Google has put into its Protobuf library. The client/read side of the pipe can be written in any language supported by the Protobuf library. I wrote mine in Python. The client reads and parses the serialized dissection data (again) using Google Protobuf lib recreating dissection tree data on client side.
>
> Would it be advantageous to incorporate the above Protobuf approach into the Wireshark project or would the community consider it unnecessary or perhaps undesirable?
>
> If you're curious about implementation, you can see my project at the following location: https://gitlab.com/MLandriscina/protoShark.git. This is the first time that I've used Protobuf, so I wouldn't be surprised to discover that better implementations are possible.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
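
An added example, not part of the original thread or of Wireshark: a Python reader for the consuming end of the pipe suggested in the reply, parsing tshark's JSON array incrementally so each packet is handled as it arrives rather than after the whole capture. The `_source.layers` / `<layer>_raw` layout of the constructed sample is an assumption about `-T jsonraw` output, and `iter_packets` and `raw_layers` are hypothetical names.

```python
import io
import json
import sys

# Constructed sample in the assumed `-T jsonraw` layout: each "<layer>_raw"
# value is a list whose first element is that layer's bytes as a hex string.
SAMPLE = (
    '[ {"_source": {"layers": {"frame_raw": ["ffffffffffff0011223344550806", 0, 14, 0, 1],'
    ' "eth_raw": ["ffffffffffff0011223344550806", 0, 14, 0, 1]}}},\n'
    ' {"_source": {"layers": {"frame_raw": ["0011", 0, 2, 0, 1]}}} ]\n'
)

def iter_packets(stream, chunk_size=65536):
    """Yield packet dicts one at a time from a JSON array arriving on `stream`."""
    decoder, buf, started = json.JSONDecoder(), "", False
    while True:
        chunk = stream.read(chunk_size)
        buf += chunk
        while True:
            buf = buf.lstrip(" \t\r\n,")      # skip separators between elements
            if not buf:
                break
            if not started:
                if buf[0] != "[":
                    raise ValueError("expected a JSON array of packets")
                buf, started = buf[1:], True
                continue
            if buf[0] == "]":                  # end of the array
                return
            try:
                packet, end = decoder.raw_decode(buf)
            except json.JSONDecodeError:
                break                          # element incomplete: read more
            yield packet
            buf = buf[end:]
        if not chunk:                          # EOF on the pipe
            if buf:
                raise ValueError("stream ended inside a packet")
            return

def raw_layers(packet):
    """Return {layer name: bytes} for the top-level *_raw entries of one packet."""
    layers = packet["_source"]["layers"]
    return {name[:-4]: bytes.fromhex(v[0]) for name, v in layers.items()
            if name.endswith("_raw") and isinstance(v, list) and v and isinstance(v[0], str)}

if __name__ == "__main__":
    stream = io.StringIO(SAMPLE) if sys.stdin.isatty() else sys.stdin
    for pkt in iter_packets(stream):
        print({layer: len(data) for layer, data in raw_layers(pkt).items()})
```

With a real capture the producer side would be something like `tshark -r capture.pcap -T jsonraw | python3 reader.py`, where both file names are placeholders.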
