I use pypcapto read packets and dpktto parse.

我pypcap用来读取数据包和dpkt解析。

For example, to use dpkt to read packets from a saved pcap:

例如，要使用 dpkt 从保存的 pcap 中读取数据包：

import socket
import dpkt
import sys
pcapReader = dpkt.pcap.Reader(file(sys.argv[1], "rb"))
for ts, data in pcapReader:
    ether = dpkt.ethernet.Ethernet(data)
    if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
    ip = ether.data
    src = socket.inet_ntoa(ip.src)
    dst = socket.inet_ntoa(ip.dst)
    print "%s -> %s" % (src, dst)

To grab frames off the wire with pypcap:

要使用 pypcap 从电线上抓取帧：

    import pcap
    pc = pcap.pcapObject()
    dev = sys.argv[1]
    pc.open_live(dev, 1600, 0, 100)
    pc.setfilter("udp port 53", 0, 0)
    while 1:
        pc.dispatch(1, p.pcap_dispatch)

Of course, the two can be used together: (ripped from pypcap's homepage)

当然，两者可以一起使用：（摘自pypcap的主页）

>>> import dpkt, pcap
>>> pc = pcap.pcap()
>>> pc.setfilter('icmp')
>>> for ts, pkt in pc:
...     print `dpkt.ethernet.Ethernet(pkt)`

Good luck!

祝你好运！

Try the lua scripting that they've got in the newer versions of wireshark.. you can write custom dissectors (for your own protocols and so on).

试试他们在较新版本的wireshark 中获得的 lua 脚本……您可以编写自定义解剖器（用于您自己的协议等）。

http://wiki.wireshark.org/Lua

http://wiki.wireshark.org/Lua

c++ well could not find one.. but here is the wireshark documentation of Python support..! http://wiki.wireshark.org/Python

C++ 找不到一个.. 但这里是 Python 支持的wireshark 文档..！ http://wiki.wireshark.org/Python

tsharkprovides a CLI to much of Wireshark's functionality, if you are looking to harness Wireshark's protocol analyzers and data manipulation capabilities.

如果您希望利用 Wireshark 的协议分析器和数据操作功能，tshark为 Wireshark 的大部分功能提供了 CLI。

If you wanted to do some digging into Wireshark's source code, it has several C libraries that may be of use, particularly wiretap and epan. Examples of its use can be found in the tshark source. You have to erect quite a bit of scaffolding to use the libraries, however.

如果您想深入了解 Wireshark 的源代码，它有几个可能有用的 C 库，尤其是窃听和 epan。其使用示例可以在tshark 源中找到。但是，您必须架设相当多的脚手架才能使用这些库。

If you are looking to develop plugins, this pagemay hold some answers for you.

如果您正在寻找开发插件，此页面可能会为您提供一些答案。

I wasn't able to find any information indicating that to be possible in the developer's guide. So that seems indicate "no".

我无法在开发人员指南中找到任何表明这是可能的信息。所以这似乎表明“不”。

Since there's at least onethat makes commercial products that integrate somewhat with wireshark , it has to be possible. It seems the immediate integration point is with the data it produces according to wikipedia, Wiresharkuses libpcap. A quick google search reveals that there are several options

由于至少有一个商业产品与 wireshark 集成，所以它必须是可能的。似乎直接的集成点是根据维基百科生成的数据，Wireshark使用libpcap。快速谷歌搜索显示有几个选项

Scapyactually looks kind of interesting, though it doesn't really do anything to interact with wireshark, but you can capture packets with it.

Scapy实际上看起来有点有趣，尽管它并没有真正与wireshark 进行任何交互，但是您可以使用它捕获数据包。

wireshark uses libpcap, this library abstracts away platform differences in packet sniffing andprovides a format for data files. that's how I'd inject packets into wireshark.

wireshark 使用 libpcap，该库抽象出数据包嗅探中的平台差异并提供数据文件的格式。这就是我将数据包注入到wireshark的方式。