Open dzervas opened 1 year ago
Hi, sorry for the late reply! I have to admit that I was not aware about the existence of this project, but I find it pretty interesting.
Currently we rely on libpnet for both sniffing and recovering the information from the different packets, but this limits us to analyzing only the ones exposed by libpnet. By adopting it, we could implement the new packets as .ksy
files and see the results (and then gradually refactor the old ones), which is extremely convenient!
I would love to discuss kaitai structs' functionalities more; may I ask you for a little PoC written in Rust? Or if you prefer to talk, would you mind connecting on Discord/Teamspeak?
what a heartwarming response! :heart:
find me on discord dzervas#5265 and we'll talk :smile:
I would really like an integration with kaitai structs. It's a project to define language agnostic structs to parse arbitrary data. I'm reverse engineering a proprietary binary protocol and it would give me a very strong debugging ability to be able to parse network packets using it.
I also think that it would set this project apart from wireshark, as writing custom wireshark parsers is not that easy and requires constant maintenance to reflect the protocol/packet of the developed app, while kaitai would be used directly in the source code of the app (and supports "all" languages).
It would also give a bunch of already written parsers for free (although I don't know how many of them are network oriented).
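To make concrete what "implementing packets as .ksy files" (maintainer's reply) and "parsing a proprietary binary protocol with kaitai" (issue body) would look like, here is an added example of a Kaitai Struct spec for a constructed, hypothetical message format (a magic, a type byte, a length-prefixed payload whose layout depends on the type). It is not code from this project or from the issue author; the protocol, field names and enum values are invented for illustration.

```yaml
# Constructed example: a made-up length-prefixed message format, declared as a
# Kaitai Struct spec. ksc compiles this into a parser for any supported target
# language (including Rust), so the same file serves the app and the sniffer.
meta:
  id: example_proto          # hypothetical protocol name
  title: Example length-prefixed message (constructed, not a real protocol)
  endian: le
seq:
  - id: magic
    contents: [0x45, 0x58]   # fixed 2-byte marker; parsing fails if it differs
  - id: msg_type
    type: u1
    enum: msg_type
  - id: len
    type: u2                 # payload length in bytes, little-endian
  - id: payload
    size: len                # bounds the substream: nested types cannot read past it
    type:
      switch-on: msg_type
      cases:
        'msg_type::hello': hello_msg
        'msg_type::data': data_msg
        # unknown msg_type values fall through to a raw byte array
types:
  hello_msg:
    seq:
      - id: version
        type: u1
      - id: name
        type: strz           # NUL-terminated, must end inside the `len` substream
        encoding: UTF-8
  data_msg:
    seq:
      - id: seq_no
        type: u4
      - id: body
        size-eos: true       # remainder of the payload substream
enums:
  msg_type:
    1: hello
    2: data
```

Because `payload` is sized by `len`, a malformed or truncated frame raises a parse error at the boundary instead of silently consuming the following packet, which is the property you want when a sniffer feeds untrusted captures through the same parser the application uses.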