Syncro User Guide

Introduction

Syncro enables an application to interact with Wireshark.  The functionality includes:

  • Commands - the ability for an application to send a command to Wireshark to:
    • Make it move to a new packet in a displayed capture file
    • Apply a display filter
  • Responses - confirmation that Wireshark has moved to the requested packet
  • Events - asynchronous notification that the Wireshark user has changed the current packet or that the status of Wireshark has changed

The application sends command messages, and receives response and event messages via a TCP connection.  This means that the application can be running on the same PC as the Wireshark instance, or running on a PC on the other side of the world.

Diagram showing Syncro architecture

Syncro requires Wireshark v2.0.0 or later and is only supported with the Qt variant of Wireshark, which is now the default.  Syncro includes code to detect Qt, so it safely bypasses startup when Wireshark GTK or TShark is used.

We have produced a small test program called SyncBox that can be used to experiment with Syncro.  SyncBox connects to two running instances of Wireshark and keeps the packet displays in step.  As you move around within one trace file, the other instance follows, and switching focus to the second instance of Wireshark causes the first instance to follow movements.

For a further introduction, we recommend viewing the video: Syncro and SyncBox Demonstration.