This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark development

0

I was wondering if it is possible to get the packet information in wireshark for tcp packets such as source ip, destination ip, and various other packet information and to be able to show this information in a new gui screen as I am making a TCP connection annalyser module.

How would I go about showing these two pieces of information as i'm having trouble finding out from the code?

Any help would be much appreciated.

asked 01 Nov '16, 11:13

ModuleMan's gravatar image

ModuleMan
217711
accept rate: 0%


2 Answers:

1

The Statistics -> Conversations dialog shows a lot of info for TCP connections (and Ethernet, IP and UDP as well). The info for this dialog is produced from taps and code in epan\conversation_table.c

answered 01 Nov '16, 12:29

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

1

You may want to look at the tshark manual page, where you'll find various filter and output options, which could be used as your data source. If you want to have a JSON stream, you may want to look at the development version.

answered 01 Nov '16, 12:52

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%