I'm writing a C/C++ application which needs (among other things) to sniff packets and save the output in a file. This file will be read and processed by wireshark after a few days, using a LUA script to do some other stuff.

My question is for the sniffing part which must be provided by my application. I can see two ways to do this:

1) Fork the wireshark process in background (of course using the command line version)

2) Using wireshark as library: no forking but include stuff like "wireshark.h" and link against libwireshark.so, thus using function calls to do the sniffing.

So far I haven't found any documentation about #2 and it seems that #1 is the "right way" to embed sniffing capabilities in my code.

Do you think I'm doing he right thing? Does wireshark allow embedding as a library?