This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I was wondering if it is possible to get the packet information in wireshark for tcp packets such as source ip, destination ip, and various other packet information and to be able to show this information in a new gui screen as I am making a TCP connection annalyser module.

How would I go about showing these two pieces of information as i'm having trouble finding out from the code?

Any help would be much appreciated.

asked 01 Nov '16, 11:13

ModuleMan's gravatar image

ModuleMan
217711
accept rate: 0%


The Statistics -> Conversations dialog shows a lot of info for TCP connections (and Ethernet, IP and UDP as well). The info for this dialog is produced from taps and code in epan\conversation_table.c

permanent link

answered 01 Nov '16, 12:29

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

You may want to look at the tshark manual page, where you'll find various filter and output options, which could be used as your data source. If you want to have a JSON stream, you may want to look at the development version.

permanent link

answered 01 Nov '16, 12:52

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×752
×158
×10

question asked: 01 Nov '16, 11:13

question was seen: 948 times

last updated: 15 Nov '16, 09:55

p​o​w​e​r​e​d by O​S​Q​A