We don’t allow questions seeking recommendations for software libraries, tutorials, tools, books, or other off-site resources. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
I use pypcap to read packets and dpkt to parse. For example, to use dpkt to read packets from a saved pcap:
To grab frames off the wire with pypcap:
Of course, the two can be used together: (ripped from pypcap's homepage)
Good luck!
tshark provides a CLI to much of Wireshark's functionality, if you are looking to harness Wireshark's protocol analyzers and data manipulation capabilities.
If you wanted to do some digging into Wireshark's source code, it has several C libraries that may be of use, particularly wiretap and epan. Examples of its use can be found in the tshark source. You have to erect quite a bit of scaffolding to use the libraries, however.
If you are looking to develop plugins, this page may hold some answers for you.
Try the Lua scripting that they've got in the newer versions of Wireshark. You can write custom dissectors (for your own protocols and so on).
http://wiki.wireshark.org/Lua
C++, well, could not find one, but here is the Wireshark documentation of Python support!
http://wiki.wireshark.org/Python
I wasn't able to find any information indicating that to be possible in the developer's guide. So that seems to indicate "no".
Since there's at least one that makes commercial products that integrate somewhat with Wireshark, it has to be possible. It seems the immediate integration point is with the data it produces. According to Wikipedia, Wireshark uses libpcap. A quick Google search reveals that there are several options
Scapy actually looks kind of interesting, though it doesn't really do anything to interact with Wireshark, but you can capture packets with it.
Wireshark uses libpcap; this library abstracts away platform differences in packet sniffing and provides a format for data files. That's how I'd inject packets into Wireshark.
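
The libpcap data-file format mentioned in the answer above is the simplest integration point, since a file written in it opens in Wireshark or tshark. The following is an added example, not code from any answer in this thread, that writes and reads the classic pcap layout using only the Python standard library; the function names and the sample frame are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4       # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def write_pcap(fileobj, packets, snaplen=65535, linktype=LINKTYPE_ETHERNET):
    """Write (ts_sec, ts_usec, frame_bytes) tuples as a classic pcap file."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    fileobj.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for sec, usec, frame in packets:
        captured = frame[:snaplen]
        # Record header: ts_sec, ts_usec, captured length, original length
        fileobj.write(struct.pack("<IIII", sec, usec, len(captured), len(frame)))
        fileobj.write(captured)

def read_pcap(fileobj):
    """Yield (ts_sec, ts_usec, frame_bytes); accepts either byte order."""
    header = fileobj.read(24)
    if len(header) != 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", header[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic, written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    snaplen = struct.unpack(endian + "I", header[16:20])[0]
    while True:
        rec = fileobj.read(16)
        if not rec:
            return
        if len(rec) != 16:
            raise ValueError("truncated record header")
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        if incl_len > snaplen:  # sanity check: a corrupt file can claim any length
            raise ValueError("record longer than snaplen")
        data = fileobj.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        yield sec, usec, data

def sample_frame():
    """Constructed 60-byte Ethernet frame: broadcast dst, made-up src, ARP ethertype."""
    return bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(46)
```

Open the output file in binary mode (`"wb"`) when writing to disk; the reader raises `ValueError` on truncated or malformed input instead of returning partial frames silently.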