Wireshark mailing list archives

Re: [GSoC] Packet Editor and Viewer


From: Edwin Abraham <edwin.abraham12 () gmail com>
Date: Sun, 14 Apr 2013 13:15:28 +0530

Last summer, as part of an internship at DRDO (Defense Research and
Development Organisation), I was asked to go through their custom networking
protocol so that they could improve the protocol handling and how the
application handled it. Since they needed a quick fix, I used Lua scripts
to write a custom dissector for them. They were happy with the result. But
in the end I realized they wanted to open the packet, edit the data
within Wireshark, and compare it with other protocols they were using.

I agree with the fact that there is a Packet Viewer, but it's not editable. But
if there is a UI where the packets can be manipulated by applying data
changes or designing a dissector with the existing packets. Lua is powerful
and if the UI is set up to create the dissector without using an IDE, or at
least eventually. If the reboot is given from within the UI, we can resume
the Packet Editor session when Wireshark restarts.

I was thinking the Packet Editor should be able to display the packet data
to the user in the mode he desires. Like if the user wants to see the
packet in hex, then a specific part in decimal. Or to have the headers
applied and not applied on the packet. The following is a rough idea of
what I mean.

Headers          Data 1   Data 2   Data 3
<headername 1>   <data>   <data>   <data>
<headername 1>   <data>   <data>   <data>
<data_payload>   <data>   <data>   <data>

Initially, when a packet is opened, it is already filtered by the headers
IP, UDP, etc. This editor can display the data in a way comfortable to add
custom headers (using dissectors) and temporarily apply and see the
payload. Once the packet is modified to the user's requirement, the user can
apply listeners to send the required data to the applications to analyse
the data.

When I mentioned that the editor can exist on its own, I meant the UI can be
used wherever in Wireshark to view packets, like when designing dissectors,
applying filters, or any kind of packet manipulation.