是否有一个Wireshark的API，制定方案/与之交互插件/提升呢？ [英] Is there an API for Wireshark, to develop programs/plugins that interact with it/enhance it?

问题描述

谷歌搜索没有给我很大的成绩。是否有任何形式的Wireshark的API的，抽象的主要来源$ C ​​$ C远，所以我们可以开发出与它交互的程序和处理它提供的数据？

Googling didn't give me great results. Is there any sort of API for Wireshark that abstracts away from the main source code so we can develop programs that interact with it and deal with the data it provides?

编辑：我AP preciate的不同的方式来接收数据包的建议，但我想，实现报文注入Wireshark的。嗅探将是我的项目的重要组成部分，但我不知道该建议的解决方案允许数据包注入。

edit: I appreciate the suggestions for different ways to receive packets, but I want to implement packet injection into Wireshark. Sniffing will be an important part of my project, however I'm not sure that the suggested solution allows for packet injection.

推荐答案

我使用 pypcap 读取数据包和 dpkt 解析。

I use pypcap to read packets and dpkt to parse.

例如，使用dpkt读取保存的PCAP数据包：

For example, to use dpkt to read packets from a saved pcap:

import socket
import dpkt
import sys
pcapReader = dpkt.pcap.Reader(file(sys.argv[1], "rb"))
for ts, data in pcapReader:
    ether = dpkt.ethernet.Ethernet(data)
    if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
    ip = ether.data
    src = socket.inet_ntoa(ip.src)
    dst = socket.inet_ntoa(ip.dst)
    print "%s -> %s" % (src, dst)

要抢关闭线框与pypcap：

To grab frames off the wire with pypcap:

    import pcap
    pc = pcap.pcapObject()
    dev = sys.argv[1]
    pc.open_live(dev, 1600, 0, 100)
    pc.setfilter("udp port 53", 0, 0)
    while 1:
        pc.dispatch(1, p.pcap_dispatch)

当然，两者可以一起使用：（来自pypcap主页撕开）

Of course, the two can be used together: (ripped from pypcap's homepage)

>>> import dpkt, pcap
>>> pc = pcap.pcap()
>>> pc.setfilter('icmp')
>>> for ts, pkt in pc:
...     print `dpkt.ethernet.Ethernet(pkt)`

祝你好运！

这篇关于是否有一个Wireshark的API，制定方案/与之交互插件/提升呢？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！