extcap - using external driver

Hello,

I need some clarification on the following issue:

I have a Windows-based application that can read MIL-STD-1553 (it does some other stuff too). I would like to use the existing driver from that application in order to import the data to Wireshark and apply some dissection on it.

According to what I've read, the best way is to use extcap.

I'd be glad to have some clues on 2 issues:

  1. How can I use that driver in order to import the data to Wireshark in real time?
  2. For my previous dissectors (Lua), which are IP based, I've used tcp/udp ports. What is the hook I can use in order to dissect those packets using Lua?
BMWE
asked 2019-10-15 14:56:58 +0000, updated 2019-10-15 15:05:06 +0000

1 Answer

There is some minimal documentation on extcap here.

Extcap allows an external application to be started from the Wireshark GUI with arguments controlling the application, and provides a pipe into which the application can send a Pcap formatted file. Wireshark will then read and dissect this stream as per any other pcap file.

Your first task therefore is to make your application output a pcap, probably to a file, to test behaviour when Wireshark opens the file.

Then make your application conform to the extcap interface and output the traffic to the pipe.

Then add dissectors as required to Wireshark to dissect your traffic.

I'm not sure what the link layer type will be for your traffic, but if it's not one of the supported ones (list here), you'll need to request a new DLT value, write that in your pcap value and then add a dissector for it.

grahamb
answered 2019-10-15 15:12:25 +0000

Comments

@grahamb, this is too much information for me and I will need it step by step and a little bit slowly:

As mentioned - there is already some application that uses some DLL (it is external to the application) to read the data. So what is required from me is to use the DLL API in order to get the data?

BMWE (2019-10-15 15:44:03 +0000)

A DLL can't be used directly, you'll need to make an application that can load it and make the appropriate calls into the DLL to get data. The application should then write out the data in pcap format.

grahamb (2019-10-15 16:02:17 +0000)
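
The "write out the data in pcap format" step from the answer and comments above, as an added example that is not code from the original posts or from Wireshark: a minimal writer for the classic pcap file header and per-packet records. Link type 147 (USER0) and the payload framing are assumptions standing in for whatever DLT and layout you settle on; the words themselves would come from your calls into the DLL.

```python
import struct
import time

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_USER0 = 147      # assumption: private-use link type until a real DLT is assigned
SNAPLEN = 65535

def pcap_global_header(linktype=LINKTYPE_USER0):
    # magic, version 2.4, thiszone, sigfigs, snaplen, link-layer type
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype)

def pcap_record(payload, timestamp):
    sec = int(timestamp)
    usec = int((timestamp - sec) * 1_000_000)
    incl = min(len(payload), SNAPLEN)           # bytes actually stored
    # ts_sec, ts_usec, captured length, original length, then the bytes
    return struct.pack("<IIII", sec, usec, incl, len(payload)) + payload[:incl]

def command_word(rt_addr, transmit, subaddr, word_count):
    # MIL-STD-1553 command word: RT address(5) | T/R(1) | subaddress(5) | word count(5)
    return ((rt_addr & 0x1F) << 11) | (int(bool(transmit)) << 10) \
        | ((subaddr & 0x1F) << 5) | (word_count & 0x1F)

def frame_1553(cmd, data_words):
    # Constructed framing (assumption): command word then data words, 16-bit big-endian
    words = [cmd, *data_words]
    return struct.pack(">%dH" % len(words), *words)

def write_capture(stream, messages):
    """Write (timestamp, payload) pairs as a pcap stream; returns the record count."""
    stream.write(pcap_global_header())
    count = 0
    for timestamp, payload in messages:
        stream.write(pcap_record(payload, timestamp))
        stream.flush()      # a live reader on a pipe sees each packet immediately
        count += 1
    return count

if __name__ == "__main__":
    # Constructed sample: BC-to-RT message, RT 5, subaddress 1, two data words
    sample = frame_1553(command_word(5, False, 1, 2), [0x1234, 0xABCD])
    with open("test_1553.pcap", "wb") as out:   # file first; later the extcap pipe
        write_capture(out, [(time.time(), sample)])
```

Opening `test_1553.pcap` in Wireshark confirms the file is read before the same writer is pointed at the pipe Wireshark hands to the extcap program.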