Wireshark mailing list archives

Re: Wireshark and Google Summer of Code 2010


From: Guy Harris <guy () alum mit edu>
Date: Thu, 25 Feb 2010 18:29:14 -0800


On Feb 25, 2010, at 5:46 AM, Jakub Zawadzki wrote:

> I'd like to make an ncurses frontend for Wireshark

Unless it depends on features in ncurses not in System V curses, it should probably be called "cshark" - there might 
still be some UN*Xes that use System V curses rather than ncurses.  (I don't know whether any non-ancient UN*Xes 
provide only the original BSD curses, but BSD curses has a lot less functionality than SV curses, so it's probably not 
a useful target; SV curses is probably the minimum target for which you'd want to develop.)

> Wireshark for big captures is sometimes slow, it eats a lot of memory,
> and because of the GUI it's not easy to use it remotely.

If the version you're running remotely is X11-based (which currently means "not Windows"), it can be done, although 
you'd have to set DISPLAY, set your X server up to accept connections from it, etc.

> tshark is better, but it's not interactive.
>
> I think nshark could fill the gap between wireshark and tshark.

It'd still have the memory issue, and probably some of the speed issue, although it'd be easier to run remotely, and 
wouldn't require that the remote machine have X11 libraries including GTK+ installed.

> I've also got some other ideas, like:
>
> - Possibility to edit & craft new packets inside Wireshark.
>   To easily change private information, like MAC/IP addresses, or mask passwords.

A scheme by which you could specify fields to obscure, by name, might be useful; you'd probably want to maintain a 
table of mappings (e.g., mapping a given IP or MAC address to another address, mapping a given string to another 
string) so that the same mapping occurs for a given value of the field.

>   It'd also be possible to quickly check how a Wireshark dissector will behave
>   if you change this byte to another value... :)

...and that might be useful in combination with the packet injection feature.

> Some plugin ideas:
>
> - Packet injection.
> - Service emulator based on sniffed information.

Presumably those would be UI plugins.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
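
The mapping-table scheme suggested in the message above (fields to obscure chosen by name, with the same original value always mapped to the same replacement), as an added example that is not part of the original message or of Wireshark. The field selection, the replacement ranges and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Fields to obscure, by name, and the kind of value each carries. The
# selection is this example's assumption; the names follow Wireshark's
# display-filter field naming.
FIELDS = {"ip.src": "ipv4", "ip.dst": "ipv4",
          "eth.src": "mac", "eth.dst": "mac",
          "http.authorization": "string"}


class Obscurer:
    """Rewrite named fields using one persistent mapping table per value kind."""

    def __init__(self, fields=FIELDS):
        self.fields = fields
        # One table per kind, so ip.src and ip.dst share their mappings.
        self.tables = {kind: {} for kind in set(fields.values())}

    def map_value(self, kind, value):
        # Normalise first so "00:1B:.." and "00:1b:.." hit the same entry.
        if kind == "ipv4":
            key = str(ipaddress.IPv4Address(value))
        else:
            key = value.lower() if kind == "mac" else value
        table = self.tables[kind]
        if key not in table:
            n = len(table) + 1  # replacements are handed out sequentially
            if kind == "ipv4":
                table[key] = str(ipaddress.IPv4Address("10.0.0.0") + n)
            elif kind == "mac":  # 02: prefix = locally administered, unicast
                table[key] = "02:00:00:%02x:%02x:%02x" % (
                    n >> 16 & 0xFF, n >> 8 & 0xFF, n & 0xFF)
            else:
                table[key] = "<redacted-%d>" % n
        return table[key]

    def obscure(self, packet):
        """Return a copy of a {field name: value} packet with fields replaced."""
        return {name: (self.map_value(self.fields[name], value)
                       if name in self.fields else value)
                for name, value in packet.items()}


# Constructed sample: a request and its reply as decoded field dictionaries.
SAMPLE = [
    {"eth.src": "00:1B:44:11:3A:B7", "eth.dst": "00:1b:44:22:00:01",
     "ip.src": "192.0.2.10", "ip.dst": "198.51.100.7",
     "http.authorization": "Basic constructed-credential"},
    {"eth.src": "00:1b:44:22:00:01", "eth.dst": "00:1b:44:11:3a:b7",
     "ip.src": "198.51.100.7", "ip.dst": "192.0.2.10", "tcp.srcport": "80"},
]
```

Because the tables persist across packets, both directions of the conversation still line up after rewriting, which keeps the obscured capture usable for analysis.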

