Ask Your Question
0

extcap - using external driver

asked 2019-10-15 14:56:58 +0000

BMWE gravatar image

updated 2019-10-15 15:05:06 +0000

Hello,

I need some clarification on following issue:

I have win based application that can read MIL-STD-1553 (It do some other stuff too). I would like to use the existing driver from that application in order to import the data to wireshark and apply some dissection on it.

According to what I've read, the best way is to use extcap.

I'd be glad to have some clues on 2 issues:

  1. How can I use that driver in order to import the data to wireshark in real time.
  2. For my previous dissectors (LUA) which are IP based, I've used tdp/udp ports. What is the hook I can use in order to dissect those packets using LUA.
edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-10-15 15:12:25 +0000

grahamb gravatar image

There is some minimal documentation on extcap here.

Extcap allows an external application to be started from the Wireshark GUI with arguments controlling the application, and provides a pipe into which the application can send a Pcap formatted file. Wireshark will then read and dissect this stream as per any other pcap file.

Your first task therefore is to make your application output a pcap, probably to a file, to test behaviour when Wireshark opens the file.

Then make your application conform to the extap interface and output the traffic to the pipe.

Then add dissectors as required to Wireshark to dissect your traffic.

I'm not sure what the link layer type will be for your traffic, but if it's not one of the supported ones (list here), you'll need to request a new DLT value, write that in your pcap value and then add a dissector for it.

edit flag offensive delete link more

Comments

@grahamb, this is too much information for me and will need it step by step and little bit slowly:

As mentioned - there is already some application that uses some DLL (it is external to the application) to read the data. So what is required from me is to use the DLL API in order to get the data?

BMWE gravatar imageBMWE ( 2019-10-15 15:44:03 +0000 )edit

A DLL can't be used directly, you'll need to make an application that can load it and make the appropriate calls into the DLL to get data. The application should then write out the data in pcap format.

grahamb gravatar imagegrahamb ( 2019-10-15 16:02:17 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-10-15 14:56:58 +0000

Seen: 678 times

Last updated: Oct 15 '19

Related questions

Wireshark 3 extcap_example.py not working on Win8.1: not capturing any "fake" packets

nrf sniffer 3.0 doesn't show in list of external capture modules. Why?

Mentor or Guide needed for Python code to run extcap programs outside Wireshark

How to properly finalize capture in a Wireshark extcap plugin?

nrf_sniffer_ble.sh --extcap-interface error

Problem with extcap preferences in TShark (Wireshark) 3.4.2

How to troubleshoot extcap when no error?

extcap capture filter input check

Extcap - how to use Messages Control Protocol

udpdump.exe entry point not found

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2