Howdy,

A couple of months ago I mentioned here(1) that I am working on an application that needs to dissect packets and that I was looking at the possibility of using libwireshark for this task. I also mentioned that I was prototyping and hoped to have something to show soon.

Now I think I have a good proof of concept that seems to actually do something. The build environment is still fragile (meaning: I've only tested on my development platform - Debian) but if one manages to build, the thing runs and can actually do stuff.

My project is called Network Expect, and it's (obviously) GPL'ed. The concept is a bit hard to explain, but I think a "packet manipulation framework" describes it relatively well. Those that have used the Scapy tool by Philippe Biondi will find some similarities.

I think the advantages of relying on libwireshark for packet dissection instead of using my own code are obvious - thousands of hours have gone into libwireshark development, and libwireshark supports hundreds of protocols and offers other nice services. It's impossible (especially for a small project like mine) to achieve the same results.

So, without further ado, here's Network Expect: http://www.netexpect.org. There's an Examples section that shows some scripts. I'd go there first to see what this is all about.

I'd love to hear any feedback, good or bad, that the Wireshark developers may have.

Cheers,

Eloy Paris.-

(1) http://www.wireshark.org/lists/wireshark-dev/200802/msg00129.html and
http://www.wireshark.org/lists/wireshark-dev/200803/msg00305.html and
http://www.wireshark.org/lists/wireshark-dev/200803/msg00342.html
