Wireshark mailing list archives
Re: BinPAC with Wireshark
From: Guy Harris <guy () alum mit edu>
Date: Tue, 2 Apr 2019 22:58:50 -0700
On Apr 1, 2019, at 7:23 PM, Joey Lord <joeylord () gmail com> wrote:
> I was wondering if anyone was successful using BinPAC for doing a Wireshark dissector? I know Robin Sommer kind of made a wink to the idea where his tool, BinPAC++, could perhaps be used for Wireshark (https://www.zeek.org/brocon2014/brocon2014_sommer_binpac.pdf). Interested to know your thoughts on the matter.
BinPAC++ was renamed to Spicy, and its home appears to be at http://www.icir.org/hilti/

They link to a paper that speaks of a Wireshark plugin:

    We have integrated Spicy into Wireshark by developing a proof-of-concept Wireshark dissector plugin that works with any Spicy module. Figure 9 shows a screenshot of Spicy’s DNS dissector operating inside Wireshark. At startup, our plugin compiles Spicy modules just-in-time, and then extracts names and attributes of all top-level units using Spicy’s introspection API. Spicy dissectors can convey their well-known ports to a host application by defining a %ports unit property. Our Wireshark plugin registers them accordingly with the Wireshark core, so that it receives control for corresponding packets. For each packet, it executes the unit’s dissector function and then iterates over the resulting attributes, adding each to the GUI’s tree display. Currently, our Wireshark plugin supports UDP protocols; extending it further would just require interfacing appropriately with more of Wireshark’s dissector API.

but I don't see any sign of anything related to Wireshark in the source code in their repository, so I don't know whether the source for their proof of concept is available or not.

For what it's worth, the last checkin for the Hilti repository mirror on GitHub: https://github.com/rsmmr/hilti is about 1 1/2 years ago.
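The flow the quoted paper describes (take unit names and attributes from a description, register the declared UDP ports, add each attribute to the tree for every packet), written as an added Wireshark Lua dissector. This is not the Spicy plugin and not code from the paper or from this thread; the unit name, UDP port 40053 and field layout are constructed for illustration, and the "units" table stands in for what a parser's introspection API would return.

```lua
-- Added example: table-driven Wireshark Lua dissector (not the Spicy plugin).
-- Everything in "units" is constructed; a real plugin would obtain it from
-- the parser generator's introspection API instead of a literal table.
local units = {
  {
    name  = "demo_hdr",            -- hypothetical protocol name
    desc  = "Demo fixed header",
    ports = { 40053 },             -- constructed UDP port (plays the role of %ports)
    attrs = {                      -- ordered attributes, size in bytes
      { name = "id",      size = 2 },
      { name = "flags",   size = 2 },
      { name = "qdcount", size = 2 },
    },
  },
}

local ctor_by_size = { [1] = ProtoField.uint8, [2] = ProtoField.uint16, [4] = ProtoField.uint32 }
local udp_table = DissectorTable.get("udp.port")

for _, unit in ipairs(units) do
  local proto = Proto(unit.name, unit.desc)

  -- One ProtoField per attribute, built from the description alone.
  local by_name, field_list = {}, {}
  for _, a in ipairs(unit.attrs) do
    local f = ctor_by_size[a.size](unit.name .. "." .. a.name, a.name, base.HEX)
    by_name[a.name] = f
    field_list[#field_list + 1] = f
  end
  proto.fields = field_list

  function proto.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = unit.name
    local subtree = tree:add(proto, tvb:range(), unit.desc)
    local offset = 0
    for _, a in ipairs(unit.attrs) do
      -- Never read past the captured bytes: flag the packet and stop.
      if offset + a.size > tvb:len() then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR, "truncated before " .. a.name)
        break
      end
      subtree:add(by_name[a.name], tvb(offset, a.size))
      offset = offset + a.size
    end
    return offset                  -- bytes consumed
  end

  -- Hand control to this dissector for each declared UDP port.
  for _, port in ipairs(unit.ports) do
    udp_table:add(port, proto)
  end
end
```

Load it with `wireshark -X lua_script:<file>` or from the personal plugins directory; truncated packets show a malformed expert item instead of raising a Lua error.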