ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] [GSoC] Packet Editor and Viewer

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 18 Apr 2013 10:00:09 -0700
On Apr 15, 2013, at 1:57 PM, Edwin Abraham <edwin.abraham12@xxxxxxxxx> wrote:

> I agree on the confusion. The initial thought when I saw the project details on the Wireshark GSoC page was that a platform to design dissectors based on existing data.

That's an interesting idea, but that's not any of the current GSoC proposals.  Perhaps it should be.

> My thought about the Packet Editor environment was to have a UI that can be used for multiple functions. Packet editing, Creating Filter/Dissectors, Tools making listener. The main function would be to extend the editcap capabilities to the GUI.

...which means deleting entire packets (-A and -B; -d, -D, and -w; and the packet range arguments and -r), tweaking time stamps (-S and -t), removing data from all or specified packets (-C and -s).

The randomly-trash-data-in-the-packet function is there for fuzz-testing, and probably doesn't need to be in Wireshark.

The other functions are for splitting capture files up; that would probably be done in a function under the File menu in an Export function; it's not an interactive editing function.

The only editcap functions that involve editing packet data are the ones that chop data from the beginning or end of the packet; there's nothing that resembles the current (not configured in by default) packet editor UI. 

> After filtering out and selecting the required packets, they are opened in the Packet Editor UI. The packets can be a capture file or a capturing device

"A capturing device" is, in effect, a capture file; if you're doing, or have done, a live capture, Wireshark has a capture file open that contains the captured packets.

> but the filter has to narrow down the packet editing.
> The UI will have three sets of toolbar and options (editcap,dissector,listener) to manipulate the packet. 
> 
> There will also exist a viewing tools to change how the selection of packets are percieved. Like data can be represented as HEX/BIN/ASCII with help of toggle switches.

To which data are you referring?  A particular field?

> Below is a rough idea of how the UI can look like.

Static views of a UI don't always indicate very much.

Could you describe a typical task that would be done with the UI, by walking through the operations that would be done with the UI elements?
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube