Re: [Wireshark-dev] About Wiretap Library

On Apr 26, 2010, at 1:24 PM, p2m p2m wrote:

> I need to capture iSCSI packets (using tshark) and then open the capture files and get the data I need using a dissector to analise it.

Wireshark's capture files are in pcap format, so libpcap/WinPcap can also be used to read the raw packet data. libpcap/WinPcap are documented, and have a standard stable API for reading capture files, unlike Wiretap, whose API is subject to incompatible change.

Note that libpcap/Winpcap *AND* Wiretap both just give you raw packet data; they do not do *any* dissection.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

• This message: [ Message body ]
• Next message: buildbot-no-reply_at_nospam: "[Wireshark-dev] buildbot failure in Wireshark (development) on Windows-XP-x86"
• Previous message: Maynard, Chris: "[Wireshark-dev] Code Collaborator from SmartBear Software"
• In reply to: p2m p2m: "Re: [Wireshark-dev] About Wiretap Library"
• Next in thread: p2m p2m: "Re: [Wireshark-dev] About Wiretap Library"
• Reply: p2m p2m: "Re: [Wireshark-dev] About Wiretap Library"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]