We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-dev: Re: [Wireshark-dev] Wireshark and Google Summer of Code 2010

From: Jakub Zawadzki <[email protected]>
Date: Fri, 26 Feb 2010 11:05:10 +0100
On Thu, Feb 25, 2010 at 06:29:14PM -0800, Guy Harris wrote:
> On Feb 25, 2010, at 5:46 AM, Jakub Zawadzki wrote:
> > I'd like to make ncurses frontend for wireshark
> Unless it depends on features in ncurses not in System V curses, it should probably be called "cshark" - there might still be some UN*Xes that use System V curses rather than ncurses.  (I don't know whether any non-ancient UN*Xes provide only the original BSD curses, but BSD curses has a lot less functionality than SV curses, so it's probably not a useful target; SV curses is probably the minimum target for which you'd want to develop.)

Fast searching for differences in API between ncurses and curses, 
I found that curses lack mouse support (man 3 curs_mouse).
Btw. nshark sounds better :)

> > Wireshark for big captures is sometimes slow, it eats lot of memory,
> > and because of gui - it's not easy to use it remotely.
> If the version you're running remotely is X11-based (which currently means "not Windows"), it can be done, although you'd have to set DISPLAY, set your X server up to accept connections from it, etc..

Right, X11 have server/client architecture, but I think people tend to use ssh X11 forwarding,
but still it's not so great...

> >   It'd be also possible to fast check how wireshark dissector will behave 
> >   if you change this byte to another value... :)
> ...and that might be useful in combination with the packet injection feature.

... and wireshark won't be longer passive sniffer (I don't know how you feel about it...),
and I think dumpcap should not inject packets. Someone should write injectcap (?)