Wireshark-dev: [Wireshark-dev] Interested in GSOC idea: Packet Editor (CLI)
From: Kay <[email protected]>
Date: Tue, 16 Apr 2013 14:42:24 +0800
I am a graduate student from the University of Science and Technology of China. My previous projects and research focus on accelerating high-speed network processing (10Gbps) with multicore/manycore architecture. My previous projects include building a high-performance HTTP parser, a TCP lookup algorithm, and an RTSP reverse proxy. Therefore, I think I am experienced in this field, and I'd like to learn new stuff in the project.

I am very interested in the Packet Editor (CLI). The reason is that about one year ago, I had to synthesize a trace with one million concurrent sessions for the experiment of a project. Of course I used editcap at that time, but I felt editcap should have more powerful functions for more useful situations. And since I will use editcap more frequently in the future, it will be good to improve editcap right now, and make it more useful for everyone :-)

I have concluded some useful features I would like editcap to have in the future, which are listed as follows:

1) Replace the address/port with a specific range or a random address/port. This is useful when one tries to hide the real IP addresses, or replace them with new ones. [just as said in the idea page]
2) Split a trace file by "connection" or "session". This is useful when one wants to split a trace file into multiple ones while still maintaining the integrity of each connection.
3) Get packets from a specific address / a specific range of addresses from a trace file. This helps better investigate a specific connection when there are huge amounts of them.
4) Add/delete a specific field, e.g. "Cache-Control: no-cache" in the HTTP header in all relevant packets, so we can synthesize new traces from existing ones.
5) Removing or overwriting sensitive data

And one question: the idea page writes this, but I am not quite sure about what is regarded as sensitive data. What exact functions do I have to implement for this feature?

Thanks for your comments and suggestions for my ideas. And what other features would you mentors suggest I implement in this project? Thanks.