Wireshark mailing list archives

Re: BinPAC with Wireshark


From: Guy Harris <guy () alum mit edu>
Date: Tue, 2 Apr 2019 22:58:50 -0700

On Apr 1, 2019, at 7:23 PM, Joey Lord <joeylord () gmail com> wrote:

I was wondering if anyone was successful using BinPAC for doing a Wireshark dissector? I know Robin Sommer kind of 
made a wink to the idea where his tool, BinPAC++, could perhaps be used for Wireshark 
(https://www.zeek.org/brocon2014/brocon2014_sommer_binpac.pdf). Interested to know your thoughts on the matter.

BinPAC++ was renamed to Spicy, and its home appears to be at

        http://www.icir.org/hilti/

They link to a paper that speaks of a Wireshark plugin:

        We have integrated Spicy into Wireshark by developing a proof-of-concept Wireshark dissector plugin that works 
with any Spicy module. Figure 9 shows a screenshot of Spicy’s DNS dissector operating inside Wireshark. At startup, our 
plugin compiles Spicy modules just-in-time, and then extracts names and attributes of all top-level units using Spicy’s 
introspection API. Spicy dissectors can convey their well-known ports to a host application by defining a %ports unit 
property. Our Wireshark plugin registers them accordingly with the Wireshark core, so that it receives control for 
corresponding packets. For each packet, it executes the unit’s dissector function and then iterates over the 
resulting attributes, adding each to the GUI’s tree display. Currently, our Wireshark plugin supports UDP protocols; 
extending it further would just require interfacing appropriately with more of Wireshark’s dissector API.

but I don't see any sign of anything related to Wireshark in the source code in their repository, so I don't know 
whether the source for their proof of concept is available or not.

For what it's worth, the last checkin for the Hilti repository mirror on GitHub:

        https://github.com/rsmmr/hilti

is about 1 1/2 years ago.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev