>
> It sounds as if you're developing something that doesn't involve
> captured packets at all, just taking an expression in one packet-
> matching language (Wireshark's filter language) and attempting to turn
> it into an expression in another packet-matching language (the
> language for whatever packet filter mechanism you're using).  There's
> nothing Wireshark-specific about that - you're not using any of
> Wireshark's inherent capabilities, as you're not generating the filter
> expression from a captured packet's contents - so why are you choosing
> to use Wireshark for this?
>

  Thanks for your reply, and I'll write here my explanation for why I'm
using it.

   The purpose is not business software, more like educational software.
I know that it will be hard to make one firewall application for all
OS types, but I would like to write one just for Unix-like systems.

   I chose Wireshark because it is the most complex packet analyzer as
far as I know. I'm not trying to turn it into another language, but to turn
the Wireshark language into a firewall language. I really liked the firewall
add-on, and I would like to make it happen: not just generate an "iptables"
rule, for example, but really filter the packets.

   About the Cisco IOS ACL commands, the ones generated by Wireshark were not
so good (in my opinion), and I would like to develop them, maybe even
sending them to a Cisco router (if I have time for it).

   I'll try to describe how I see the "Wireshark firewall"; maybe if you
are interested in this, you can help me implement it.
As far as I see it, a firewall has deny and permit rules and some attack
fingerprints. The first two steps are the ones that interest me; maybe
importing a Cisco .sdf file into Wireshark would be the next step. I would like to
create some filters, directly in the Linux kernel, based on the Wireshark
packet dissectors. What I mean by this is that you give some packet
fingerprint to the kernel, tell it to deny/accept, and it does the trick for
you. I would like to use the Cisco ACL approach for this, in which the filters
are listed and applied in the order they appear in the list.

  I hope I can find someone to help me with this approach,

Mihai
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
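The ordered permit/deny list the message describes, written out as an added Python example that is not part of the original thread, of Wireshark, or of its "Firewall ACL Rules" feature: it compiles a small assumed subset of Wireshark's display-filter syntax (ip.src and ip.dst with an optional CIDR prefix, ip.proto, tcp/udp ports, bare protocol names, && and || without parentheses) into predicates, then evaluates a packet against the rules in list order, first match wins, with an implicit deny at the end, which is the Cisco ACL semantics the message asks for. The rule list, the packet builder, the field subset and the choice to run in user space rather than in the kernel are all assumptions made for illustration.

```python
"""Ordered permit/deny ACL driven by a subset of Wireshark's display-filter language.

Constructed example: the supported fields, the rule list and the packets below are
assumptions for illustration; this is not Wireshark code and not a kernel filter.
"""
import ipaddress
import re
import struct

# Display-filter fields this toy compiler understands -> key in parse_packet() output.
FIELDS = {
    "ip.src": "ip.src", "ip.dst": "ip.dst", "ip.proto": "ip.proto",
    "tcp.srcport": "srcport", "tcp.dstport": "dstport",
    "udp.srcport": "srcport", "udp.dstport": "dstport",
}
PROTO_NUM = {"ip": None, "tcp": 6, "udp": 17, "icmp": 1}   # bare protocol terms
TERM_RE = re.compile(r"^([a-z.]+)\s*(==|!=|<=|>=|<|>)\s*(\S+)$")
INT_OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
           "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
           ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}


def parse_packet(raw):
    """Decode IPv4 addresses and protocol and, for TCP/UDP, the port pair."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, _tl, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    pkt = {"ip.src": ipaddress.ip_address(src), "ip.dst": ipaddress.ip_address(dst), "ip.proto": proto}
    if proto in (6, 17) and len(raw) >= ihl + 4:   # TCP and UDP both start with src/dst port
        pkt["srcport"], pkt["dstport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return pkt


def compile_term(text):
    """Turn one 'field op value' term (or a bare protocol name) into a predicate."""
    text = text.strip()
    if text in PROTO_NUM:
        want = PROTO_NUM[text]
        return lambda p: want is None or p["ip.proto"] == want
    m = TERM_RE.match(text)
    if not m or m.group(1) not in FIELDS:
        raise ValueError(f"unsupported filter term: {text!r}")
    field, op, value = m.groups()
    key = FIELDS[field]
    # A transport field only matches its own transport: tcp.dstport never matches a UDP datagram.
    need_proto = PROTO_NUM[field.split(".")[0]]
    if field in ("ip.src", "ip.dst"):
        if op not in ("==", "!="):
            raise ValueError(f"{field} supports only == and !=")
        net = ipaddress.ip_network(value, strict=False)     # single host or CIDR prefix
        cmp = (lambda a: a in net) if op == "==" else (lambda a: a not in net)
    else:
        rhs, f = int(value, 0), INT_OPS[op]                  # decimal or 0x.. literal
        cmp = lambda a: f(a, rhs)

    def pred(p):
        if need_proto is not None and p["ip.proto"] != need_proto:
            return False
        return key in p and cmp(p[key])
    return pred


def compile_filter(expr):
    """'a && b || c' with && binding tighter than ||, as in Wireshark; no parentheses."""
    alts = [[compile_term(t) for t in alt.split("&&")] for alt in expr.split("||")]
    return lambda p: any(all(t(p) for t in conj) for conj in alts)


def is_valid_filter(expr):
    """True when the subset compiler accepts expr, so a rule file can be linted before loading."""
    try:
        compile_filter(expr)
        return True
    except ValueError:
        return False


class Acl:
    """Cisco-style ordered list: the first matching rule wins, unmatched packets are denied."""
    def __init__(self, rules):
        self.rules = []
        for action, expr in rules:
            if action not in ("permit", "deny"):
                raise ValueError(f"bad action {action!r}")
            self.rules.append((action, expr, compile_filter(expr)))   # typos rejected at load time

    def decide(self, raw):
        pkt = parse_packet(raw)
        for action, expr, pred in self.rules:
            if pred(pkt):
                return action, expr
        return "deny", "implicit deny"


def make_packet(src, dst, proto, sport, dport):
    """Constructed IPv4 header plus the 4 transport bytes that carry the ports; checksum left 0."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + struct.pack("!HH", sport, dport)


RULES = [   # constructed rule list; order is significant
    ("permit", "tcp && ip.dst == 10.0.0.5 && tcp.dstport == 22"),  # SSH only to the bastion
    ("deny",   "tcp.dstport == 22"),                                # SSH anywhere else
    ("permit", "ip.src == 10.0.0.0/8 || udp.dstport == 53"),        # internal hosts, DNS
]

if __name__ == "__main__":
    acl = Acl(RULES)
    for src, dst, proto, sp, dp in [("192.168.1.9", "10.0.0.5", 6, 40000, 22),
                                    ("10.1.2.3", "10.0.0.6", 6, 40001, 22),
                                    ("192.168.1.9", "10.0.0.6", 17, 40002, 22),
                                    ("172.16.0.1", "10.0.0.9", 6, 40003, 443)]:
        print(f"{src} -> {dst} proto {proto} dport {dp}:", acl.decide(make_packet(src, dst, proto, sp, dp)))
```

Two things the run makes visible that the list of rules alone does not: a packet from 10.1.2.3 to 10.0.0.6:22 is denied by the second rule even though the third would permit it, because evaluation stops at the first match; and a UDP datagram to port 22 is not caught by `tcp.dstport == 22` at all, so it falls through to the implicit deny rather than the explicit one. Doing the filter compilation when the rule list is loaded, rather than per packet, is also what makes a typo in a rule a load-time error instead of a silently never-matching rule.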
