Wireshark-dev: [Wireshark-dev] Wireshark packet editor (was Re: Anyone heard of Netdude?)

From: Gregory Seidman <gsslist+wireshark@xxxxxxxxxxxxxxxxxx>
Date: Mon, 7 Feb 2011 15:25:25 -0500
On Mon, Feb 07, 2011 at 12:08:01PM -0800, Sam Roberts wrote:
> On Mon, Feb 7, 2011 at 11:36 AM, Gregory Seidman
> <gsslist+wireshark@xxxxxxxxxxxxxxxxxx> wrote:
> > Ah, interesting. Thanks for the info on netdude. I clearly disagree with
> > you in that I think Wireshark (the project, though not necessarily the
> > existing GUI) is the best possible place for packet editing.
> 
> Modifying packets would involve significantly more work on the part of
> the dissector developers, and it can be very difficult to even know
> what it means to "modify" a packet.
[...]
> Going the other way, encoding packets, there are HUGE amounts of
> discretion and choice involved, and once you get into the realm of
> modifying packets, possibly involving generating non-compliant
> packets, the choice explodes to the point that I can't see how a
> general purpose GUI would ever do a good job of it.

I'm not going to claim that there aren't technical challenges; there
clearly are, and I've thought about some of them. Some modifications could
be done based entirely on the protocol tree, while others would need
dissectors to provide more information or, in some cases, execute code to
encode changes. I don't think it's even a reasonable goal to make every
field of every kind editable.

What I asked in the original post, however, was whether there were reasons
not to have editing capabilities in the Wireshark project (again, not
necessarily the current Wireshark GUI) beyond the technical difficulties
involved.

> Cheers,
> Sam
--Greg