windows tcp wireshark winpcap purebasic

Purebasic Windows TCP filter specific package easiest way?


I have a problem where I need to check the TCP packets on a machine. We use a closed-source VOIP system here and I want to open a program when an incoming call happens. The VOIP system's software shows the call, however it has no functionality to call external software.

I used Wireshark to capture my PC's packets and I'm able to filter the packets easily by ip.src==AAA.BBB.CCC.DDD && giop.request_op == "pushEvents" && giop.len > 300 && tcp contains "CallInfo"

Now I can work with this package if my custom software could read the package from a pipe.

Thanks for any constructive answer not hitting me for rtfm ;-)


Solution

  • tshark is just a terminal/console interface to the same engine as GUI Wireshark. It should support all the same protocol dissectors and display filters as the GUI app.

    I'm pretty sure you're doing something wrong while launching it. Please provide more info why you didn't manage to get tshark working.

    To solve your problem: I would launch tshark with the filter you've come up with so only those packets are displayed on the output. Then I would pipe the output to a simple Python/bash/whatever script that launches the app you want on every line of input.

    You will also need to take care of specific situations like: