Home page logo
/

wireshark logo Wireshark mailing list archives

Re: Fileshark (AKA Dissecting Files with Wireshark)
From: Guy Harris <guy () alum mit edu>
Date: Thu, 20 Jun 2013 14:15:14 -0700


On Jun 20, 2013, at 11:54 AM, Evan Huus <eapache () gmail com> wrote:

3. Create a separate application called Fileshark that doesn't use
wiretap and links only against libfiledissectors. When dissecting
files directly, wiretap simply gets in the way. Additionally, people
have pointed out several possible UI changes that make sense for files
but not for packets. While hopefully Fileshark and Wireshark will be
able to share much of their code, there are still places where they
will diverge and we want to be able to do that cleanly.

Yes.  For example, in Fileshark, you either:

        1) might want to show, in a summary pane, multiple items for multiple sections/records/etc. of a file

or

        2) show only one pane, a detail pane, so that with everything closed up, you have a list of 
sections/records/etc..

Some of the consequences of this:
- Wireshark proper will not open non-capture files directly. It will
parse files it sees over transport protocols, but to parse an on-disk
file directly will require opening it in Fileshark.

Note, BTW, that you might well want to have file dissectors for various forms of capture files that Wireshark can read; 
if you open those files in Wireshark, they'd show you the packets (and perhaps other records), but if you open them in 
Fileshark, they'd show you the file header (if there is one) and the file records (including the raw contents of record 
headers, etc.) - that might be a useful tool for Wireshark developers reverse-engineering features of 
not-publicly-documented file formats.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]