How to use Wireshark dissectors in SharpPcap? #323
Unanswered
HJPhilippi asked this question in Q&A
Nothing out of the box is available, but calling the Wireshark API from C# can be done either through a subprocess (easy) or C interop (difficult, since the Wireshark internal API could change at any time). Examples
Thanks for the info. In fact, I've already experimented wrapping some code around the tshark console tool, and this worked in general. But I thought there could be a way to integrate the dissectors somewhat "tighter", for performance reasons etc.
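The sub-process approach from the replies above, as an added example that is not SharpPcap's, Wireshark's, or either poster's code: it runs tshark on a capture file with a display filter and parses one tab-separated row per matching packet. Running the dissectors in a child process also means a dissector crash on a malformed capture ends tshark, not the calling application. Assumptions: .NET 6 or later, tshark reachable at `tsharkPath`, and the `bacapp.confirmed_service` field name, which should be checked against your Wireshark version; `DissectedPacket` and `TsharkRunner` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Globalization;

public sealed record DissectedPacket(int Frame, double Epoch, string Src, string Dst, string Service);

public static class TsharkRunner
{
    // Fields requested with -e, in output column order. The bacapp.* name is an
    // assumption; confirm it with `tshark -G fields` on your installation.
    static readonly string[] Fields =
        { "frame.number", "frame.time_epoch", "ip.src", "ip.dst", "bacapp.confirmed_service" };

    // Usage (illustrative): foreach (var p in TsharkRunner.Read("trace.pcap", "bvlc")) { ... }
    public static IEnumerable<DissectedPacket> Read(string pcapPath, string displayFilter,
                                                    string tsharkPath = "tshark")
    {
        var psi = new ProcessStartInfo(tsharkPath)
        {
            RedirectStandardOutput = true,
            UseShellExecute = false,   // no shell, so no shell metacharacter expansion
            CreateNoWindow = true,
        };
        // ArgumentList passes each value as its own argv entry, so a file name or
        // filter containing spaces or quotes cannot turn into extra tshark options.
        foreach (var a in new[] { "-n", "-r", pcapPath, "-Y", displayFilter, "-T", "fields" })
            psi.ArgumentList.Add(a);
        foreach (var f in Fields) { psi.ArgumentList.Add("-e"); psi.ArgumentList.Add(f); }

        using var proc = Process.Start(psi) ?? throw new InvalidOperationException("tshark did not start");
        string? line;
        while ((line = proc.StandardOutput.ReadLine()) != null)
        {
            // -T fields separates columns with a tab by default; empty fields stay empty.
            var c = line.Split('\t');
            if (c.Length != Fields.Length) continue;   // skip rows that do not match the layout
            yield return new DissectedPacket(
                int.Parse(c[0], CultureInfo.InvariantCulture),
                double.Parse(c[1], CultureInfo.InvariantCulture), c[2], c[3], c[4]);
        }
        proc.WaitForExit();
        if (proc.ExitCode != 0)
            throw new InvalidOperationException($"tshark exited with code {proc.ExitCode}");
    }
}
```

When the capture files come from untrusted sources, pass an absolute `tsharkPath` so the binary is not resolved through `PATH`.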
Hi there,
as far as I can see, it's pretty easy to get some basic information from *.pcap files using SharpPcap, like the involved sending and receiving hosts of a packet, timestamps etc. That alone is great. Alas, I want to delve deeper into application level packet inspection, namely of BACnet (a field bus protocol) network traffic.
Wireshark comes with dissectors that deliver the understanding for numerous protocols, and BACnet (labeled BVLC) is included. Using this, I set up Wireshark display filters to retrieve packets of certain BACnet service calls for instance. And this is what I'd like to do in code using SharpPcap. Is this possible? Is there a way to involve the existing Wireshark dissectors for some more profound protocol analysis and packet filtering?
Any help is greatly appreciated,
thanks in advance
Hans