Wireshark 中是否有一个函数可以用来解码内存缓冲区中的数据包而不是捕获文件?
我一直在阅读 Wireshark 附带的文档,并分析源代码,以确定 Wireshark 中是否存在函数或函数集合,这将允许我传递包含捕获数据的缓冲区(而不是使用外部文件)。
我也在 Wireshark-dev 列表上问了这个问题,但没有得到回应。
据我了解,你告诉 Wireshark 在哪里寻找数据包(就文件、管道或套接字而言),它会告诉你每当它从该流中获取数据包时,所以我的直觉是没有办法将指针传递给包含捕获数据的缓冲区,并让 Wireshark 解析它在那里找到的任何内容。
然而,我绝不是 Wireshark 内部的专家,所以我希望 SO 能帮助我找到一个明确的答案。谢谢。
I have been reading the docs that come with Wireshark along with analyzing the source to figure out if there is a function or collection of functions in Wireshark which would allow me to pass a buffer containing capture data (rather than using an external file).
I asked this question on the Wireshark-dev list as well, but had no responses.
As far as I understand, you tell Wireshark where to look for packets (in terms of a file, pipe or socket) and it tells you whenever it's got a packet from that stream, so my gut feeling is that there isn't a way to pass a pointer to a buffer containing capture data and have Wireshark parse whatever it can find there.
However, I am by no means an expert on the internals of Wireshark, so I am looking to SO to help me figure out a definitive answer. Thank you.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您是否尝试过创建一个新的
tvbuff_t作为TVBUFF_REAL_DATA并提供您的内存区域作为data参数?Wireshark 历史上与其他应用程序配合得不好,因此这是否有效是值得怀疑的,特别是如果您认为数据在分析时可能会发生变化。难道不能写出临时文件吗?
Have you tried creating a new
tvbuff_tasTVBUFF_REAL_DATAand providing your memory region as thedataparameter?Wireshark historically does not play well with other applications, so whether this will work or not is questionable, especially if you think your data may change while it is being dissected. Is it not possible to write out a temporary file?