Howdy,
A couple of months ago I mentioned here(1) that I am working on an
application that needs to dissect packets and that I was looking at the
possibility of using libwireshark for this task. I also mentioned that I
was prototyping and hoped to have something to show soon.
Now I think I have a good proof of concept that seems to actually do
something. The build environment is still fragile (meaning: I've only
tested on my development platform - Debian) but if one manages to build,
the thing runs and can actually do stuff.
My project is called Network Expect, and it's (obviously) GPL'ed. The
concept is a bit hard to explain, but I think a "packet manipulation
framework" describes it relatively well. Those that have used the Scapy
tool by Philippe Biondi will find some similarities.
I think the advantages of relying on libwireshark for packet dissection
instead of using my own code are obvious - thousands of hours have gone
into libwireshark development, and libwireshark supports hundreds of
protocols and offers other nice services. It's impossible (especially
for a small project like mine) to achieve the same results.
So, without further ado, here's Network Expect:
http://www.netexpect.org. There's an Examples section that shows some
scripts. I'd go there first to see what this is all about.
I'd love to here any feedback, good or bad, that the Wireshark
developers may have.
Cheers,
Eloy Paris.-
(1) http://www.wireshark.org/lists/wireshark-dev/200802/msg00129.html
and http://www.wireshark.org/lists/wireshark-dev/200803/msg00305.html
and http://www.wireshark.org/lists/wireshark-dev/200803/msg00342.html
