Tap Plugin to 3rd Part Tool with GUI

Question

HI,

I have a number of custom lua dissectors all of which contain geo positional data. The location in the packets of the geo positional data is not the same in any of the dissectors. What I am trying to do is take the geo positional data out of the packets and get them to a 3rd party applications that would display the positions all in near real time.

After reading the development documentation I have a possible design that has a few holes that I would like some feedback on.

My though was to create a tap plugin that would grab the positional data then send the data to the 3rd party tool. From the README.tapping this appears to be possible.

Questions:

What is the best way to get my data out of wireshark from the tap to the 3rd party tool? I was thinking about a QUdpSocket but this will take up time from Wireshark’s normal functions. Maybe I could append data to a file for another application to read? Any recommendations?
Can a Tap Plugin have a GUI/Preferences that would allow tap customizations of the fields or protocols that the plugin tap registers to? If this is possible can you point me to an example/documentation/functions that I would use to accomplish this?

Thanks for the help and for making WireShark great.

Accepted Answer

Can't you just export the data you need using tshark and -T fields -e field1 -e field2 ...? You can then write the output to a file or pipe it directly to the 3rd party tool if the tool is able to parse it. For example, for normal GeoIP data, you might output something like this:

tshark.exe -r file.pcap -T fields -e frame.number -e ip.src -e ip.geoip.src_city -e ip.geoip.src_country -e ip.dst -e ip.geoip.dst_city -e ip.geoip.dst_country

Just replace the fields with the fields you're interested in from your own Lua dissectors.