Wireshark mailing list archives
Re: Anyone heard of Netdude?
From: Gregory Seidman <gsslist+wireshark () anthropohedron net>
Date: Mon, 7 Feb 2011 14:36:28 -0500
On Mon, Feb 07, 2011 at 08:18:11PM +0100, bernoulli wrote:
> Though I'm not in the core dev team, I think the main task of Wireshark is sniffing the net. The main task of Netdude is to edit packets in order to do tests with packet injection later on. Because, when sniffing, we want to be as passive as possible, I think it is not necessary to do packet editing in Wireshark.
It's possible that the right approach is another frontend, in the same way that Tshark and Wireshark are separate, or maybe an editing mode that is disabled by default. I've wanted to do testing with packet injection (using BitTwist) in the past, and wound up editing a PCAP file in a hex editor. The main reason to want Wireshark (or another frontend in the Wireshark project) to be the editor is the wealth of existing dissectors. Sure, it isn't too tough to write something to change an IP header, but how about changing a field in a structure deep in an SNMP packet? In addition, lots of companies develop their own internal protocols, and develop Wireshark dissectors internally to help them debug. If the same dissectors they've already developed could help generate test data as well, so much the better. One could argue that such internal development does nothing to further the goals of an open source project, but even aside from supporting users who submit bugs and fixes for them as a result of their use, it is rewarding to make something that is useful and used.
> I've tested Netdude too, and it is dead! The program still uses gtk+ (version 1) and thus isn't compiling under modern Linux versions. And all the mailing lists for Netdude are dead, too. So there is indeed the problem that there exists no graphical toolkit for packet editing - which is free - at the moment afaik. But, again, I think Wireshark is not the right place for packet editing.
Ah, interesting. Thanks for the info on netdude. I clearly disagree with you in that I think Wireshark (the project, though not necessarily the existing GUI) is the best possible place for packet editing.
> Regards, Marc.
--Greg
> On 07.02.2011 19:20, Gregory Seidman wrote:
>> I recently ran across Netdude <http://netdude.sf.net/>. I haven't played with it, but it appears to have aims similar to Wireshark. It looks like Wireshark is MUCH more mature, but there may be something to be learned from it. In particular, its primary feature seems to be that it can edit fields in packets. Has there been any thought toward Wireshark supporting editing? Is there a strong reason not to (other than the technical difficulty involved, which is not insignificant)?
>> --Greg