open-source-ideas / ideas


An extcap client library for python #184

Open KOLANICH opened 5 years ago

KOLANICH commented 5 years ago

Project description

extcap is an interface between Wireshark and third-party programs, allowing Wireshark to visualize their captures while they are capturing, control the capture process and select what is being captured.

It would be nice to have a Python library doing the same. The library should not parse the pcap stream (it should parse only the headers; the rest of the frames should not be touched, because there are too many formats for the payload). Instead it should concentrate on managing the process and providing the API for managing the capture.

Relevant Technology

Here is an extcap server written in Python that can be used to understand the extcap protocol: https://github.com/wireshark/wireshark/blob/master/doc/extcap_example.py

Complexity and required time

Complexity

Categories

FredrikAugust commented 5 years ago

Great idea, and thank you for using the categories, makes my job a lot easier :+1:

Exter-dg commented 4 years ago

I want to work on this. I have just started learning about Wireshark. Could you please give a little more insight into the project?

KOLANICH commented 4 years ago

I just provide the path to the extcap server binary. The library exposes an API to introspect and change the server settings. The library itself deals with communication with the server, including subprocess calling, server crashes, restarts, lack of permissions, and parsing the stream into a sequence of pcap frames. It provides a way to register a callback function, called on each frame. pcap frame bodies should not be parsed. Just provide raw blobs, 1 blob is 1 pcap frame; a user will use whatever tool he likes for dealing with raw pcap frames.

pycoder2000 commented 4 years ago

What will the requirements be to make such a library?

KOLANICH commented 4 years ago

@pycoder2000, what do you mean?

requirements.txt? It is unneeded; dependencies must be specified in a way available to the package manager, such as setup.cfg. subprocess and struct are already in the Python standard library. But you may need a library parsing the extcap grammar. The extcap grammar is a text-based grammar, so you may need UniGrammar + parser generators to develop it properly (read the manual if you are a newbie to grammars). The grammar parser should be a separate package.

For the features... as I have said, an easy-to-use interface is needed, without any low-level details burdening its users.
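The design sketched in the two KOLANICH comments above (point the library at the extcap program, introspect it, parse only the pcap headers, hand each raw frame to a callback, survive crashes and permission problems) plus the separate grammar parser for the `sentence {key=value}...` output, as an added example written for this thread. It is not code from the issue, from Wireshark or from any existing library, and every name in it (`ExtcapClient`, `PcapStreamParser`, `parse_extcap_line`, `demo`, the `FAKE_EXTCAP` stand-in and its `fake0` interface) is invented here. The command-line flags and the output format are the ones real extcap programs use; the stand-in extcap program embedded at the bottom is constructed so the example runs offline without USBPcap or Wireshark. Only classic pcap is handled: an extcap that writes pcapng is rejected with a clear error rather than mis-parsed.

```python
import os, re, select, struct, subprocess, sys, tempfile

_KV_RE = re.compile(r"\{([^=}]+)=([^}]*)\}")  # extcap output grammar: sentence {key=value}{key=value}...

def parse_extcap_line(line):
    head, _, rest = line.strip().partition(" ")
    if not head.isalpha() or not rest.startswith("{"):
        return None  # blank or malformed line: tolerate chatter from a misbehaving extcap program
    return head, dict(_KV_RE.findall(rest))

class PcapStreamParser:
    """Incremental pcap parser: decodes only file and record headers; record bodies stay untouched bytes."""
    _MAGICS = {0xA1B2C3D4: ("<", 10**6), 0xD4C3B2A1: (">", 10**6),  # magic as read little-endian
               0xA1B23C4D: ("<", 10**9), 0x4D3CB2A1: (">", 10**9)}  # -> (byte order, ticks per second)

    def __init__(self, on_frame):
        self._buf, self._order, self._tps, self._on_frame = bytearray(), None, 1, on_frame
        self.linktype, self.snaplen, self.frames, self.stopped = None, None, 0, False

    def feed(self, data):
        """Consume a chunk of the stream; on_frame(timestamp, linktype, raw_record) is called per record."""
        self._buf += data
        if self._order is None:
            if len(self._buf) < 24:
                return
            self._order, self._tps = self._MAGICS.get(struct.unpack("<I", self._buf[:4])[0], (None, 1))
            if self._order is None:
                raise ValueError("not a pcap stream (pcapng?): magic %s" % self._buf[:4].hex())
            self.snaplen, self.linktype = struct.unpack(self._order + "II", self._buf[16:24])
            del self._buf[:24]
        while len(self._buf) >= 16 and not self.stopped:
            sec, frac, incl, orig = struct.unpack(self._order + "IIII", self._buf[:16])
            if incl > orig or (self.snaplen and incl > self.snaplen):  # never trust a length field
                raise ValueError("corrupt record header: incl_len=%d orig_len=%d" % (incl, orig))
            if len(self._buf) < 16 + incl:
                return  # wait for the rest of this record
            self.frames += 1
            self.stopped = bool(self._on_frame(sec + frac / self._tps, self.linktype, bytes(self._buf[16:16 + incl])))
            del self._buf[:16 + incl]

class ExtcapClient:
    def __init__(self, argv):
        self.argv = list(argv)  # whatever runs the extcap program: a binary path, or an interpreter plus script

    def interfaces(self):
        out = subprocess.run(self.argv + ["--extcap-interfaces"], capture_output=True, text=True, check=True)
        return [kv for s, kv in filter(None, map(parse_extcap_line, out.stdout.splitlines())) if s == "interface"]

    def capture(self, iface, on_frame, options=()):
        """Run --capture, feeding records to on_frame until it returns True or the program exits; returns frame count."""
        parser = PcapStreamParser(on_frame)
        with tempfile.TemporaryDirectory() as tmp:
            fifo = os.path.join(tmp, "fifo")
            os.mkfifo(fifo)  # POSIX only; Wireshark on Windows hands extcaps a named pipe instead
            fd = os.open(fifo, os.O_RDONLY | os.O_NONBLOCK)  # never blocks, even if the extcap dies early
            keep = os.open(fifo, os.O_WRONLY)  # our own writer end: no spurious EOF before the extcap connects
            cmd = self.argv + ["--capture", "--extcap-interface=" + iface, "--fifo=" + fifo, *options]
            proc = subprocess.Popen(cmd, stderr=subprocess.PIPE)
            try:
                while not parser.stopped:
                    exited = proc.poll() is not None  # ask before reading, so a write just before exit is not lost
                    data = os.read(fd, 65536) if select.select([fd], [], [], 0.2)[0] else b""
                    if data:
                        parser.feed(data)
                    elif exited:
                        break
            finally:
                os.close(fd)
                os.close(keep)
                if proc.poll() is None:
                    proc.terminate()  # Wireshark also stops an extcap with SIGTERM
                err = proc.communicate()[1]
        if not parser.stopped and proc.returncode != 0:  # crash, missing permissions, bad arguments, ...
            raise RuntimeError("extcap exited %d: %s" % (proc.returncode, err.decode(errors="replace").strip()))
        return parser.frames

# Constructed stand-in for a real extcap program (think USBPcap), so the example runs offline.
FAKE_EXTCAP = r'''
import struct, sys
opt = dict(a.split("=", 1) for a in sys.argv[1:] if "=" in a)
if "--extcap-interfaces" in sys.argv:
    print("interface {value=fake0}{display=Constructed fake USB interface}")
elif "--capture" in sys.argv:
    with open(opt["--fifo"], "wb") as f:  # pcap file header, DLT 249 = LINKTYPE_USBPCAP
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 249))
        for i in range(int(opt.get("--count", "3"))):
            body = bytes([0x40 + i]) * (8 + i)
            f.write(struct.pack("<IIII", 1700000000 + i, 5000 * i, len(body), len(body)) + body)
'''

def demo(stop_after=None):
    client, frames = ExtcapClient([sys.executable, "-c", FAKE_EXTCAP]), []  # -> (interfaces, count, records)
    def on_frame(ts, linktype, raw):
        frames.append((ts, linktype, raw))
        return stop_after is not None and len(frames) >= stop_after  # True asks the client to stop
    return client.interfaces(), client.capture("fake0", on_frame, ["--count=3"]), frames

if __name__ == "__main__":
    print(demo())
```

Two choices are worth pointing out. The FIFO is opened non-blocking and the client holds its own writer end, so an extcap that dies before connecting (wrong arguments, missing privileges, which a real USB capture may well need) cannot hang the caller, and its exit status and stderr are surfaced instead. And the record parser checks `incl_len` against `orig_len` and the snaplen before buffering, because a length field coming from an untrusted capture source is exactly the kind of value that should never drive an allocation unchecked.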

guyharris commented 4 years ago

See also chapter 8.2 "Extcap: Developer's Guide" in the Wireshark Developer's Guide, which shows examples of the command-line arguments, and standard output, that an extcap program/script should have.

(I say "program/script", rather than "client library", as extcap extensions to Wireshark should be programs or scripts that can be run, they're not a library in the UN*X/Windows sense. If your goal is to extend Wireshark by some mechanism other than a runnable program or script, that will involve more work; for one thing, Wireshark does support some level of extensibility via Lua scripts, but currently doesn't support running Python scripts as part of the Wireshark process, so you can't directly talk to Wireshark's internals.)

KOLANICH commented 4 years ago

My goal is not to extend Wireshark, but to react to captures in real time. I.e. I start an app whose activity is captured, then I start another custom app written in Python, using the extcap library that uses an extcap host (I am particularly interested in USBPcap, which captures USB frames). My app observes the activity of the foreign app and maybe interacts with it in a way dependent on the captured data, in real time. No Wireshark at all is involved at this stage, but it is trivial to capture the pcap frames into a pcap file for later manual inspection using Wireshark, if needed.

Though for this particular case dynamic instrumentation and hooking, e.g. with DynamoRIO, can suit better (since using hooking I can also fake the frames the app receives), it still would be nice to have a Python interface for extcaps.

paulo-raca commented 3 years ago

I just implemented that: https://github.com/paulo-raca/extcapy

Please take a look and let me know what you think

KOLANICH commented 3 years ago

@paulo-raca, though your lib is useful, this idea is the opposite of the one proposed here. Your lib is for writing extcaps for Wireshark; the idea is about creating a lib simplifying using extcaps in one's own apps without Wireshark.

> Please take a look and let me know what you think

I think that you should really use pylint. I see some flaws in your code. It is likely that pylint would detect them.

paulo-raca commented 3 years ago

> @paulo-raca, though your lib is useful, this idea is the opposite of the one proposed here. Your lib is for writing extcaps for Wireshark; the idea is about the lib using extcaps in one's own apps without Wireshark.

🤦‍♂️ Sorry, I misread it

> I think that you should really use pylint. I see some flaws in your code. It is likely that pylint would detect them.

Thanks for the suggestion, I'll do it