
Purebasic Windows TCP filter specific package easiest way?


I have a problem where I need to check the TCP packets on a machine. We use a closed source VOIP system here and I want to open a program when an incoming call happens. The VOIP system's software shows the call, however it has no functionality to call external software.

I used Wireshark to capture my PC's packets and I'm able to filter the packets easily by ip.src==AAA.BBB.CCC.DDD && giop.request_op == "pushEvents" && giop.len > 300 && tcp contains "CallInfo"

Now I can work with this package if my custom software could read the package from a pipe.

  • Is there a library for PureBasic that can do this capturing and filtering?
  • Alternatively, is there a way to trigger Wireshark (console start) so it outputs the filtered data to a pipe? (I noticed tshark could do this but does not support this display filter)

Thanks for any constructive answer not hitting me for rtfm ;-)


Solution

  • tshark is just a terminal/console interface to the same engine as GUI Wireshark. It should support all the same protocol dissectors and display filters as the GUI app.

    I'm pretty sure you're doing something wrong while launching it. Please provide more info why you didn't manage to get tshark working.

    To solve your problem: I would launch tshark with the filter you've come up with so only those packets are displayed on the output. Then I would pipe the output to a simple Python/bash/whatever script that launches the app you want on every line of input.

    You will also need to take care of specific situations like:

    • ensure the input line is what it was supposed to be (you can get error lines etc. from tshark)
    • perhaps avoid launching the app if it's already running
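
The approach described in the answer, as an added Python example that is not part of the original answer: tshark runs with the question's display filter, and each output line is validated before a fixed program is started, unless the copy started earlier is still running. The interface name, the launched program and the two output fields are assumptions, and the launcher only tracks instances it started itself.

```python
import re
import subprocess

# Display filter from the question. AAA.BBB.CCC.DDD is the page's placeholder
# and must be replaced with the real source address before tshark accepts it.
DISPLAY_FILTER = ('ip.src==AAA.BBB.CCC.DDD && giop.request_op == "pushEvents" '
                  '&& giop.len > 300 && tcp contains "CallInfo"')
INTERFACE = "Ethernet"       # assumption: capture interface name
APP_CMD = ["notepad.exe"]    # hypothetical program to start on a call

# With "-T fields" tshark prints the requested fields tab-separated, one
# packet per line; anything else (status or error text) is rejected.
LINE_RE = re.compile(r"^(\d+\.\d+)\t(\d{1,3}(?:\.\d{1,3}){3})$")

def tshark_cmd(interface=INTERFACE):
    # -l flushes after every packet so the pipe delivers events immediately.
    return ["tshark", "-i", interface, "-l", "-Y", DISPLAY_FILTER,
            "-T", "fields", "-e", "frame.time_epoch", "-e", "ip.src"]

def parse_line(line):
    m = LINE_RE.match(line.rstrip("\r\n"))
    return (float(m.group(1)), m.group(2)) if m else None

class Launcher:
    def __init__(self, cmd, spawn=subprocess.Popen):
        self.cmd, self.spawn, self.proc = cmd, spawn, None

    def trigger(self):
        # Skip the launch while the previously started instance is alive.
        if self.proc is not None and self.proc.poll() is None:
            return False
        # Fixed argv, no shell: nothing read from the network reaches it.
        self.proc = self.spawn(self.cmd)
        return True

def handle_stream(lines, launcher):
    launched = 0
    for line in lines:
        if parse_line(line) is not None and launcher.trigger():
            launched += 1
    return launched

if __name__ == "__main__":
    # stderr is merged in on purpose, so tshark's own messages pass through
    # the same validation as packet lines.
    cap = subprocess.Popen(tshark_cmd(), stdout=subprocess.PIPE,
                           stderr=subprocess.STDOUT, text=True)
    handle_stream(cap.stdout, Launcher(APP_CMD))
```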