Armen,

I might be interested in such a tool.  Also, by 'bootstrapping
portion' do you mean the one-time epan structure
initialization/destruction calls as well as the proper init/malloc/free
per-packet calls?

rkm

On Mar 12, 2008, at 5:28 PM, Armen Babikyan wrote:

> Hello,
>
> A few months ago, I wrote a tool that lets me use Wireshark's packet
> dissection capabilities in Matlab, to numerically analyze packets.  For
> example:
>
>>> b = tshark_read('ws1.pcap', {'frame.number', 'ip.version', 'tcp.seq', 'udp.dstport', 'frame.pkt_len'}, 'ip.version eq 4')
>
> b =
>
> 1x14630 struct array with fields:
>       frame_number
>       ip_version
>       tcp_seq
>       udp_dstport
>       frame_pkt_len
>
>>> b(3)
>
> ans =
>
>        frame_number: 6
>          ip_version: 4
>             tcp_seq: []
>         udp_dstport: 9618
>       frame_pkt_len: 1042
>
>>>
>
> With this array of structs, a Matlab programmer could trivially plot
> packet fields with respect to time, or whatever.
>
> My code, however, makes use of (among other things) the general
> bootstrapping portion of libwireshark's API, and I've run into
> compatibility issues between successive versions of Wireshark that have
> similar, but not identical, bootstrapping APIs.  Does the Wireshark
> project intend to standardize this part of libwireshark soon?
>
> If Wireshark is not intending to standardize libwireshark's API
> anytime soon, would the developers consider creating #defines for major,
> minor, and minorminor numbers for the current version of Wireshark, so I
> can create preprocessor directives based on these to account for further
> changes to the libwireshark API?  For example, I'd like something like this:
>
> #define VERSION "0.99.5" // already exists
> #define VERSION_MAJOR 0
> #define VERSION_MINOR 99
> #define VERSION_MINORMINOR 5
>
> Lastly, is the general public interested in this tool?
>
> Let me know your thoughts.  Thanks!
>
> Armen
>
> -- 
> Armen Babikyan
> MIT Lincoln Laboratory
> [EMAIL PROTECTED] . 781-981-1796
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
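
The version gating requested in the quoted message, sketched as an added example that is not code from either poster or from the Wireshark project. The `VERSION*` values are the ones shown in the message; `WS_VERSION_NUM`, `WS_VERSION_CURRENT`, `WS_BOOTSTRAP_VARIANT` and `ws_version_parse` are hypothetical names, and the 0.99.5 threshold is an assumed cut-over point.

```c
#include <stdio.h>

/* Values from the quoted message. Only VERSION exists today according to
 * the message; the numeric defines are the proposed additions. */
#ifndef VERSION
#define VERSION "0.99.5"
#endif
#ifndef VERSION_MAJOR
#define VERSION_MAJOR 0
#define VERSION_MINOR 99
#define VERSION_MINORMINOR 5
#endif

/* Pack the three components into one integer so #if can compare them
 * (hypothetical helper; each component must fit in 8 bits). */
#define WS_VERSION_NUM(maj, min, mm) (((maj) << 16) | ((min) << 8) | (mm))
#define WS_VERSION_CURRENT \
    WS_VERSION_NUM(VERSION_MAJOR, VERSION_MINOR, VERSION_MINORMINOR)

/* Compile-time choice between two bootstrap code paths. The threshold
 * 0.99.5 is an assumption made for illustration only. */
#if WS_VERSION_CURRENT >= WS_VERSION_NUM(0, 99, 5)
#define WS_BOOTSTRAP_VARIANT 2
#else
#define WS_BOOTSTRAP_VARIANT 1
#endif

/* Runtime fallback when only the VERSION string is available: the
 * preprocessor cannot compare strings, so parse "x.y.z" instead.
 * Returns the packed value, or -1 if the string is malformed or a
 * component does not fit in 8 bits. A suffix after "z" is ignored. */
long ws_version_parse(const char *s)
{
    unsigned maj, min, mm;

    if (s == NULL || sscanf(s, "%u.%u.%u", &maj, &min, &mm) != 3)
        return -1;
    if (maj > 255 || min > 255 || mm > 255)
        return -1;
    return (long)WS_VERSION_NUM(maj, min, mm);
}

int main(void)
{
    printf("compile-time variant: %d\n", WS_BOOTSTRAP_VARIANT);
    printf("runtime parse of VERSION: %ld\n", ws_version_parse(VERSION));
    return 0;
}
```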
