gchq / CyberChef

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
https://gchq.github.io/CyberChef
Apache License 2.0

Operation request: PCAP parser #260

Open n1474335 opened 6 years ago

n1474335 commented 6 years ago

Summary

Now that CyberChef can handle large files, it would be useful to create an operation that can parse PCAPs. This operation would not include full stack protocol parsing, just the ability to separate out individual packets and perhaps specify which packets to display. Ideally it would support both .pcap and .pcap-ng formats.
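
The packet-separation step this request describes, for the classic .pcap format only, as an added example that is not part of the original issue or CyberChef's code. The names `splitPcap` and `sampleCapture` and the returned object shape are assumptions; pcap-ng is detected and rejected rather than parsed.

```javascript
// Added example, not CyberChef code: splitPcap and sampleCapture are hypothetical names.
function splitPcap(bytes) {
    const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
    if (view.byteLength < 24) throw new Error("Too short for a pcap global header");
    // The magic number, read big-endian, reveals byte order and timestamp resolution.
    const magic = view.getUint32(0, false);
    if (magic === 0x0a0d0d0a) throw new Error("pcap-ng (block-based) is not handled here");
    const magics = {
        0xa1b2c3d4: { le: false, nano: false },
        0xd4c3b2a1: { le: true, nano: false },
        0xa1b23c4d: { le: false, nano: true },
        0x4d3cb2a1: { le: true, nano: true },
    };
    const fmt = magics[magic];
    if (!fmt) throw new Error("Not a pcap file");
    const { le, nano } = fmt;
    const snaplen = view.getUint32(16, le);
    const linkType = view.getUint32(20, le);
    const packets = [];
    let truncated = false;
    let off = 24;
    while (off < view.byteLength) {
        // Record header: ts_sec, ts_frac, incl_len (bytes stored), orig_len (bytes on the wire).
        if (off + 16 > view.byteLength) { truncated = true; break; }
        const inclLen = view.getUint32(off + 8, le);
        // incl_len is untrusted input: stop rather than read past the buffer.
        if (off + 16 + inclLen > view.byteLength) { truncated = true; break; }
        packets.push({
            index: packets.length,
            tsSec: view.getUint32(off, le),
            tsFrac: view.getUint32(off + 4, le),
            origLen: view.getUint32(off + 12, le),
            data: bytes.subarray(off + 16, off + 16 + inclLen),
        });
        off += 16 + inclLen;
    }
    return { linkType, snaplen, nano, packets, truncated };
}

// Constructed sample: little-endian header, two small records, then a record that lies about its length.
function sampleCapture() {
    const u32 = (n) => [n & 0xff, (n >>> 8) & 0xff, (n >>> 16) & 0xff, (n >>> 24) & 0xff];
    const rec = (sec, payload, claimed = payload.length) =>
        [...u32(sec), ...u32(0), ...u32(claimed), ...u32(claimed), ...payload];
    return Uint8Array.from([
        ...u32(0xa1b2c3d4), 2, 0, 4, 0, ...u32(0), ...u32(0), ...u32(65535), ...u32(1),
        ...rec(1, [0xde, 0xad]), ...rec(2, [0xbe, 0xef, 0x01]), ...rec(3, [0xff], 4096),
    ]);
}
```

Selecting which packets to display then reduces to filtering `packets` by `index` or timestamp, and `truncated` tells the caller the capture ended mid-record.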

mattnotmitt commented 5 years ago

Could use libwireshark and compile with emscripten? Might be faster than a full JS implementation.

n1474335 commented 5 years ago

Yes, this might work. There is a lot we could do with PCAP support. A fully working port of libwireshark would enable a lot of that.

michaellrowley commented 2 years ago

I've tried implementing PCAP parsing without a libwireshark port (branch), but I'm not sure about whether the packet-viewing and overall analysis functionality should be split into separate operations or could the packet-viewing remain part of the general 'Parse PCAP' operation?