Wireshark mailing list archives

Interested in GSOC idea: Packet Editor (CLI)


From: Kay <kay21s () gmail com>
Date: Tue, 16 Apr 2013 14:42:24 +0800

I am a graduate student from the University of Science and Technology of China.
My previous projects and research focus on accelerating high-speed network
processing (10Gbps) with multicore/manycore architecture. My previous
projects include building a high-performance HTTP parser, a TCP lookup
algorithm, and an RTSP reverse proxy. Therefore, I think I am experienced in
this field, and I'd like to learn new stuff in the project.

I am very interested in the Packet Editor (CLI). The reason is that about
one year ago, I had to synthesize a trace with one million concurrent
sessions for the experiment of a project. Of course I used editcap at that
time, but I felt editcap should have more powerful functions for more
useful situations. And since I will use editcap more frequently in the
future, it will be good to improve editcap right now, and make it more
useful for everyone :-)

I have concluded some useful features I would like editcap to have in the
future, which are listed as follows:

1) Replace the address/port with a specific range or a random address/port.
This is useful when one tries to hide the real IP addresses, or replace them
with new ones. [just as said in the idea page]
2) Split a trace file by "connection" or "session". This is useful when one
wants to split a trace file into multiple ones while still maintaining the
integrity of each connection.
3) Get packets from a specific address / a specific range of addresses from
a trace file. This helps better investigate a specific connection when
there are huge amounts of them.
4) Add/delete a specific field, i.e. "Cache-Control: no-cache" in the HTTP
header in all relevant packets, so we can synthesize new traces from
existing ones.

5) Removing or overwriting sensitive data
And one question: the idea page says this, but I am not quite sure about
what is regarded as sensitive data. What exact functions do I have to
implement for this feature?

Thanks for your comments and suggestions for my ideas. And what other
features would you mentors suggest I implement in this project? Thanks.

Regards,
Kay