Wireshark-dev: [Wireshark-dev] Automating tests and validating test cases with wireshark

From: ivan jr sy <ivan_jr@xxxxxxxxx>
Date: Sat, 13 Feb 2010 10:26:43 -0800 (PST)
Hi Wireshark Devs,

I have a set of test cases that checks the communication between multiple IP based hosts. The test cases involve mostly sending data, ICMP, etc... between a set of hosts with some IP options/parameters being manipulated as part of each test. Execution of the test involves inspection of the multiple packet dumps in wireshark. Given a list of the MAC addresses, IPs and the network topology involved in the isolated testing, the (human) testers inspect the values visually (as displayed in WS UI in Windows) and compare them with a checklist. They just keep on clicking the fields in WS and marking a check or X on a piece of paper the whole day, repetitively.

Since the test cases are static (something that won't change that much in years), I have all of the reasons to believe that the analysis can be automated with the use of wireshark. This will be a custom wireshark build for our organization and, if it goes really well, I may propose this modification for commit.

I'm thinking the approach would be similar to RTP statistics where wireshark counts RTP stuff; instead this will have a set of pre-defined values to look for inside a packet - if the values are correct and whatever other conditions result - and reports PASS or FAIL. I'm really eager to know if this is doable so that I can assess how long this work will take me.

I have little experience in customizing dissectors and patching them; I did a UAT work once and am still catching up in Gtk2, so I could consider myself as someone new to WS coding. I'm hoping someone here could shed light on how I should start coding this new patch and challenge.
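The PASS/FAIL logic described in this post can be prototyped outside the GUI before any dissector code is touched: export the relevant fields per frame with `tshark -T fields` and compare them against a machine-readable checklist. The following script is an added example written for this thread, not code from the poster or from the Wireshark project. It assumes the comma-separated, header-first output that `tshark -T fields -E header=y -E separator=,` produces for the listed `-e` fields; the capture contents, host addresses and the checklist schema (`match` selects packets, `expect` lists the values every selected packet must carry) are constructed here for illustration.

```python
import csv
from io import StringIO

# Constructed sample of the field-per-column output that
#   tshark -r capture.pcap -T fields -E header=y -E separator=, \
#          -e frame.number -e eth.src -e ip.src -e ip.dst -e ip.ttl -e icmp.type
# prints. The MAC/IP addresses and values are made up for this example.
SAMPLE_TSHARK_OUTPUT = """\
frame.number,eth.src,ip.src,ip.dst,ip.ttl,icmp.type
1,00:11:22:33:44:55,10.0.0.1,10.0.0.2,64,8
2,66:77:88:99:aa:bb,10.0.0.2,10.0.0.1,64,0
3,00:11:22:33:44:55,10.0.0.1,10.0.0.3,63,8
"""

# Invented checklist schema: "match" selects packets by field value, "expect"
# lists the values every selected packet must carry. A check with no matching
# packet fails, so an expected exchange that never happened is also reported.
CHECKLIST = [
    {
        "name": "echo requests from host A leave with TTL 64 and host A's MAC",
        "match": {"ip.src": "10.0.0.1", "icmp.type": "8"},
        "expect": {"ip.ttl": "64", "eth.src": "00:11:22:33:44:55"},
    },
    {
        "name": "host B answers host A's echo request",
        "match": {"ip.src": "10.0.0.2", "icmp.type": "0"},
        "expect": {"ip.dst": "10.0.0.1"},
    },
    {
        "name": "host C answers host A's echo request",
        "match": {"ip.src": "10.0.0.3", "icmp.type": "0"},
        "expect": {"ip.dst": "10.0.0.1"},
    },
]


def parse_fields(text):
    """Turn tshark -T fields output (header row first) into a list of dicts,
    one per frame, keyed by the display-filter field name."""
    return list(csv.DictReader(StringIO(text)))


def matches(packet, selector):
    """True when every field in the selector has the given value in the packet."""
    return all(packet.get(field) == value for field, value in selector.items())


def evaluate(checklist, packets):
    """Return one result dict per checklist entry: PASS or FAIL plus a reason."""
    results = []
    for check in checklist:
        selected = [p for p in packets if matches(p, check["match"])]
        if not selected:
            results.append({"name": check["name"], "status": "FAIL",
                            "reason": "no packet matched %s" % check["match"]})
            continue
        failure = None
        for p in selected:
            for field, want in check["expect"].items():
                got = p.get(field)
                if got != want:
                    failure = "frame %s: %s is %r, expected %r" % (
                        p["frame.number"], field, got, want)
                    break
            if failure:
                break
        results.append({"name": check["name"],
                        "status": "FAIL" if failure else "PASS",
                        "reason": failure or "%d packet(s) checked" % len(selected)})
    return results


if __name__ == "__main__":
    for r in evaluate(CHECKLIST, parse_fields(SAMPLE_TSHARK_OUTPUT)):
        print("%-4s %s (%s)" % (r["status"], r["name"], r["reason"]))
```

On the sample data the first check fails because frame 3 leaves with TTL 63, the second passes, and the third fails because no reply from 10.0.0.3 is present; each failure names the frame and field so the tester can jump straight to it in the GUI. Keeping the checklist as data rather than code means the static test cases can be reviewed and versioned separately from the tooling.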