Home page logo
/

wireshark logo Wireshark mailing list archives

Re: [GSoC] Packet Editor and Viewer
From: Guy Harris <guy () alum mit edu>
Date: Sun, 14 Apr 2013 09:45:12 -0700


On Apr 14, 2013, at 12:45 AM, Edwin Abraham <edwin.abraham12 () gmail com> wrote:

Last Summer as a part of an internship at DRDO (Defense Research and Development Organisation) I was asked to go 
through their custom networking protocol. So that they could improve the protocol handling and how the application 
handled. Since they needed a quick fix and I used LUA scripts to write a custom dissector for them. They were happy 
with the result. But the in the end I realized they wanted to open the packet edit the data within wireshark, compare 
it with other protocols they were using.

I agree with the fact there is a Packet Viewer but it’s not editable. But if there is a UI where the packets can be 
manipulated by applying data changes or designing a dissector with the existing packets.

Unless I *completely* misunderstand what you're proposing, "a UI where the packets can be manipulated by applying data 
changes" is a completely separate item from "[a UI for] designing a dissector with the existing packets".

How do you envision the latter item working?  And would it be more useful if you had a UI to design a dissector 
*regardless* of whether you have a capture file open with packets for that protocol, even if it has some additional 
features that let you use existing packets for the protocol?

LUA is powerful and if the UI is setup to create the dissector without using an IDE or  at least eventually. If the 
reboot is given from within the UI we can resume the Packet Editor session when wireshark restarts.

And if there's no need to *have* a reboot to use a new piece of Lua code, that would be even better - you wouldn't 
*need* to resume the session.

I was thinking the Packet Editor should be able to display the packet data to the user in the mode he desires. Like 
if the user wants to see the packet in hex, then a specific part in decimal. Or to have the headers applied and not 
applied on the packet. In the following is a rough idea of what I mean.

        ...

Initially when a packet is opened it is already filtered by the headers IP,UDP,etc. This editor can display the data 
in a way comfortable to add custom headers (using dissectors) and temporarily apply and see the payload. Once the 
packet is modified to user requirement, the user can apply listeners to send the required data to the applications to 
analyse the data.

When I mentioned that the editor can exist on its own I meant the UI can be used wherever in wireshark to view 
packets like when designing dissectors, applying filter, or any kind of packet manipulation.

You seem to be talking about changing the way packets are *displayed*.  That's not really an "editor" function, that's 
a "viewer" function; the Packet Editor (GUI) item in the Wireshark GSoC page says "It would be useful to be able to 
edit packet contents and to save edited packets back to disk."

What you're describing could be interesting (although you need to describe it more clearly, for example by giving some 
examples of what the UI might look like and what operations it supports), but it doesn't sound as if it's a "packet 
editor", it sounds more like a "dissector editor".  I.e., it sounds as if you're describing something that lets you 
change the way packet data is displayed, not something that lets you actually change the data *in* the packet.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]