I'm working on an SS7 project and have reached a point where I need to create my own TCAP dissector/parser, so I was wondering about using the Wireshark dev files inside my source.
Is that possible? If yes, how can I do it? Is there any tutorial available?
http://www.tcpdump.org/ has all needed information.
You'll need to use libpcap as described here: http://www.tcpdump.org/pcap3_man.html
I guess pcap_open_offline is a good start; you can then use the related functions to get the structured data contained in the dump file. Using the same library, you could also capture directly from your application.
On a related note, Wireshark and tshark allow you to export a pcap file to XML; you could also use this format instead of the binary pcap if you'd like to.
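As an added example (not the answerer's code), here is a pure-Python stand-in for what pcap_open_offline() plus pcap_next() hand back: a reader for the classic pcap file format that handles both byte orders and refuses truncated records, and a BER walker that pulls the TCAP message type and transaction id out of each packet. It assumes the packets are bare TCAP PDUs stored under LINKTYPE_USER0 (147), a constructed fixture; a real SS7 capture carries TCAP inside SCTP/M3UA/SCCP (or MTP3/SCCP), which would have to be stripped first.

```python
import struct
# ITU-T Q.773 TCAP message-type tags (application-class constructed TLVs)
TCAP_TYPES = {0x61: "Unidirectional", 0x62: "Begin", 0x64: "End",
              0x65: "Continue", 0x67: "Abort"}

def ber_tlv(buf, pos=0):
    """Decode one BER TLV at buf[pos] -> (tag, value, next_pos); single-octet tags, definite lengths."""
    tag = buf[pos]
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = number of length octets
        n, pos = length & 0x7F, pos + (length & 0x7F)
        length = int.from_bytes(buf[pos - n:pos], "big")
    return tag, buf[pos:pos + length], pos + length

def tcap_summary(pdu):
    """Return (message type, transaction id as hex or None) for a raw TCAP PDU."""
    tag, body, _ = ber_tlv(pdu)
    tid, pos = None, 0
    while pos < len(body):                  # walk the PDU's top-level fields
        t, v, pos = ber_tlv(body, pos)
        if t in (0x48, 0x49) and tid is None:   # otid (0x48) / dtid (0x49)
            tid = v.hex()
    return TCAP_TYPES.get(tag, "Unknown(0x%02x)" % tag), tid

def read_pcap(data):
    """Minimal pcap reader: yields (ts_sec, ts_usec, linktype, packet), either byte order."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a microsecond pcap file")
    snaplen, linktype = struct.unpack(end + "II", data[16:24])
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack(end + "IIII", data[pos:pos + 16])
        pos += 16
        if incl > snaplen or pos + incl > len(data):
            raise ValueError("truncated or corrupt record at offset %d" % (pos - 16))
        yield ts_sec, ts_usec, linktype, data[pos:pos + incl]
        pos += incl

def build_pcap(packets, linktype=147, end="<"):
    """Constructed fixture: raw TCAP packets under LINKTYPE_USER0 (147) in an in-memory pcap."""
    out = struct.pack(end + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, pkt in enumerate(packets):
        out += struct.pack(end + "IIII", 1700000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out

# Constructed sample PDUs: a Begin carrying otid 11223344 and an End carrying dtid 11223344
SAMPLE_BEGIN = bytes.fromhex("62 06 48 04 11 22 33 44")
SAMPLE_END = bytes.fromhex("64 06 49 04 11 22 33 44")
```

Feeding the records back through a real Wireshark run (with the DLT_USER table pointing 147 at tcap) is a quick way to cross-check your own parser's output.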
Like most things to do with software, it is possible. However, a more valid question might be: what use can you make of the Wireshark source code?
Some disadvantages of using Wireshark are:
Having said that, it can be invaluable to just browse the source code to get a starting point. The main TCAP-dissecting source file is at epan/dissectors/packet-tcap.c. Wireshark uses an ASN.1 compiler to generate the code that parses the TCAP message; the definition file it uses can be found in asn1/tcap/tcap.asn.