0
votes

I'm looking for a solution where I could send the JSON data that is produced on the console to a Kafka topic, e.g. tshark -r "filename.pcap" -T json to my Kafka topic, or produce it on the same topic using librdkafka.

If somebody knows tshark internals where I could tweak its module where the JSON is printed on the console to produce the JSON on my Kafka topic instead. If only I could get to the point where the JSON is packed/made and then printed on the console should work. Thanks in advance.

1

1 Answers

1
votes

> If only I could get to the point where the json is packed/made and then printed on the console should work. Thanks in advance.

The code that prints the JSON on the screen is in tshark.c, lines 4187-4206 and lines 3834-3837:

    if (print_details) {
      write_json_proto_tree(output_fields, print_dissections_none, TRUE,
                            protocolfilter, protocolfilter_flags,
                            edt, &cf->cinfo, node_children_grouper, &jdumper);
      return !ferror(stdout);
    }

and write_json_proto_tree is implemented in epan/print.c:712
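An alternative that leaves tshark unpatched, shown as an added example (not part of the answer above and not Wireshark code): read the `-T json` array from a pipe, split it into one object per packet as it arrives, and hand each to a producer callback. The names `iter_packets` and `publish`, the broker address and the topic are assumptions, as is the use of the confluent-kafka binding for librdkafka; the sample input is constructed.

```python
import io
import json

# Constructed sample shaped like `tshark -T json` output: one top-level array.
SAMPLE = """[
  {"_index": "packets-2024-01-01", "_source": {"layers": {
    "frame": {"frame.number": "1"}, "ip": {"ip.src": "192.0.2.1"}}}},
  {"_index": "packets-2024-01-01", "_source": {"layers": {
    "frame": {"frame.number": "2"}, "ip": {"ip.src": "192.0.2.10"}}}}
]
"""

def iter_packets(stream, chunk_size=65536):
    """Yield packet objects from a text stream without loading the whole array."""
    decoder = json.JSONDecoder()
    buf, started, eof = "", False, False
    while True:
        buf = buf.lstrip()
        if buf and not started:
            if buf[0] != "[":
                raise ValueError("tshark -T json output should start with '['")
            started, buf = True, buf[1:]
        elif buf and buf[0] == ",":       # separator between packets
            buf = buf[1:]
        elif buf and buf[0] == "]":       # end of the array
            return
        elif buf:
            try:
                packet, end = decoder.raw_decode(buf)
            except json.JSONDecodeError:  # object still incomplete: read more
                if eof:
                    raise ValueError("truncated tshark JSON output")
                chunk = stream.read(chunk_size)
                eof, buf = not chunk, buf + chunk
            else:
                yield packet
                buf = buf[end:]
        elif eof:
            return
        else:
            chunk = stream.read(chunk_size)
            eof, buf = not chunk, buf + chunk

def publish(packets, send):
    """Call send(key, value) once per packet; key is the frame number."""
    count = 0
    for pkt in packets:
        frame = pkt.get("_source", {}).get("layers", {}).get("frame", {})
        key = str(frame.get("frame.number", "")).encode()
        send(key, json.dumps(pkt, separators=(",", ":")).encode())
        count += 1
    return count

# Assumed wiring: p = confluent_kafka.Producer({"bootstrap.servers": "localhost:9092"})
# publish(iter_packets(sys.stdin), lambda k, v: p.produce("packets", key=k, value=v)); p.flush()
```

Run it as the right-hand side of a pipe from `tshark -r "filename.pcap" -T json`, with `sys.stdin` as the stream.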