Is there an API for Wireshark, to develop programs/plugins that interact with it/enhance it? [closed]

Question

Googling didn't give me great results. Is there any sort of API for Wireshark that abstracts away from the main source code so we can develop programs that interact with it and deal with the data it provides?

edit: I appreciate the suggestions for different ways to receive packets, but I want to implement packet injection into Wireshark. Sniffing will be an important part of my project, however I'm not sure that the suggested solution allows for packet injection.

Answer 1

I use pypcap to read packets and dpkt to parse.

For example, to use dpkt to read packets from a saved pcap:

import socket
import dpkt
import sys
pcapReader = dpkt.pcap.Reader(file(sys.argv[1], "rb"))
for ts, data in pcapReader:
    ether = dpkt.ethernet.Ethernet(data)
    if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
    ip = ether.data
    src = socket.inet_ntoa(ip.src)
    dst = socket.inet_ntoa(ip.dst)
    print "%s -> %s" % (src, dst)

To grab frames off the wire with pypcap:

    import pcap
    pc = pcap.pcapObject()
    dev = sys.argv[1]
    pc.open_live(dev, 1600, 0, 100)
    pc.setfilter("udp port 53", 0, 0)
    while 1:
        pc.dispatch(1, p.pcap_dispatch)

Of course, the two can be used together: (ripped from pypcap's homepage)

>>> import dpkt, pcap
>>> pc = pcap.pcap()
>>> pc.setfilter('icmp')
>>> for ts, pkt in pc:
...     print `dpkt.ethernet.Ethernet(pkt)`

Good luck!