This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Apologies in advance if this question is a bit long-ish.

I've been wondering why Wireshark/tshark doesn't offer the option to export full packet dissection data via named pipe (serialized binary data). Is this due to design philosophy, lack of offers to write the code, or some other reason? Of course, packet dissection data can be written out to stdout or a file in xml format. Perhaps this meets most needs?

Reason for the question is that I needed a dissection data export option that was more efficient than xml. My solution was to modify tshark so it can leverage Google Protocol Buffers to export packet dissection data as serialized binary data. Serialized dissection data is written out to a named pipe. Protobuf dissect tree creation, serialization, export code is all written in C++ and takes advantage of all the optimization work Google has put into its Protobuf library. The client/read side of the pipe can be written in any language supported by the Protobuf library. I wrote mine in Python. The client reads and parses the serialized dissection data (again) using Google Protobuf lib recreating dissection tree data on client side.

Would it be advantageous to incorporate the above Protobuf approach into the Wireshark project or would the community consider it unnecessary or perhaps undesirable?

If you're curious about implementation, you can see my project at the following location: https://gitlab.com/MLandriscina/protoShark.git. This is the first time that I've used Protobuf, so I wouldn't be surprised to discover that better implementations are possible.

asked 10 Jul '17, 15:14

markLand's gravatar image

markLand
6112
accept rate: 0%


I think the best place to discuss this would be the developer mailing list.

A guide to submitting changes can be found on the wiki here.

permanent link

answered 11 Jul '17, 02:27

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×76
×37
×4

question asked: 10 Jul '17, 15:14

question was seen: 962 times

last updated: 11 Jul '17, 02:27

p​o​w​e​r​e​d by O​S​Q​A