I am implementing a dissector for the SIP and RTP protocols. I have searched a lot on libpcap and Wireshark support for filtering SIP traffic.
Currently, I am using a tshark process to execute display filters to capture SIP traffic based on some SIP header values (e.g. call-id).
I want to use this feature as a library to integrate with my module. Let me know if this is possible to do by compiling any source as a library.
asked 10 Jun '14, 18:20
O.K., according to your comment, it sounds to me like you want to create your own version of Wireshark/tshark, limited to SIP/RTP, and that you intend to use display filters during the capturing process.
Well, then the answer is: There is no 'official' library that's easy to use, because behind the scenes of display filters you will find the whole dissection engine of Wireshark. Yes, you can use that functionality (libwireshark) in your own code, but no, it's not simply linking the library against your code.
Please read the following answer:
Then, if you still think you need that, take a look at projects using libwireshark and learn from their example.
answered 12 Jun '14, 11:38
Kurt Knochner ♦