Open KOLANICH opened 5 years ago
Great idea, and thank you for using the categories, makes my job a lot easier :+1:
I want to work on this. I have just started learning about wireshark. Can you please give a little more insight about the project?
I just provide the path to extcap server binary. The library exposes the API to introspect and change the server settings. The library itself deals with communication to the server, including subprocess calling, server crashes, restarts, lack of permissions and parsing the stream into a sequence of pcap frames. It provides a way to register a callback function, called on each frame. pcap frame bodies should not be parsed. Just provide raw blobs, 1 blob is 1 pcap frame, a user will use the tool dealing with raw pcap frames he likes.
What will the requirements be to make such a library?
@pycoder2000, what do you mean?
requirements.txt? It is unneeded, dependencies must be specified in a way available to the package manager, such as setup.cfg.
subprocess and struct are already in the Python standard library. But you may need a library parsing extcap grammar. Extcap grammar is a text-based grammar, so you may need UniGrammar + parser gens to develop it properly (read the manual, if you are a newbie in grammars). The grammar parser should be a separate package.
For the features ... as I have said, an easy to use interface is needed without any low-level details burdening its users.
See also chapter 8.2 "Extcap: Developer's Guide" in the Wireshark Developer's Guide, which shows examples of the command-line arguments, and standard output, that an extcap program/script should have.
(I say "program/script", rather than "client library", as extcap extensions to Wireshark should be programs or scripts that can be run, they're not a library in the UN*X/Windows sense. If your goal is to extend Wireshark by some mechanism other than a runnable program or script, that will involve more work; for one thing, Wireshark does support some level of extensibility via Lua scripts, but currently doesn't support running Python scripts as part of the Wireshark process, so you can't directly talk to Wireshark's internals.)
My goal is not to extend wireshark, but to react on captures in realtime. I.e. I start an app whose activity is captured, I start another custom app written in python, but using the extcap library that uses an extcap host (I am particularly interested in USBPcap which captures USB frames). My app observes the activity of the foreign app and maybe interacts with it in the way, dependent on the captured data, in real time. No wireshark at all is involved at this stage, but it is trivial to capture the pcap frames into a pcap file for later manual observation using wireshark, if it is needed.
Though for this particular case dynamic instrumentation and hooking, i.e. with DynamoRIO, can suit better (since using hooking I can also fake the frames the app receives), it still would be nice to have a Python interface for extcaps.
I just implemented that: https://github.com/paulo-raca/extcapy
Please take a look and let me know what you think
@paulo-raca, though your lib is useful, this idea is opposite to the one proposed here. Your lib is for writing extcaps for wireshark, the idea is about creating a lib simplifying using extcaps in own apps without wireshark.
> Please take a look and let me know what you think

I think that you should really use pylint. I see some flaws in your code. It is likely that pylint would detect them.

> @paulo-raca, though your lib is useful, this idea is opposite to the one proposed here. Your lib is for writing extcaps for wireshark, the idea is about the lib using extcaps in own apps without wireshark.
🤦♂️ Sorry, I misread it
> I think that you should really use pylint. I see some flaws in your code. It is likely that pylint would detect them.
Thanks for the suggestion, I'll do it
Project description
extcap is an interface between Wireshark and third-party programs allowing Wireshark to visualize their captures when they are capturing, control capture process and select what is being captured.
It would be nice to have a python library doing the same. The library should not parse pcap stream (should parse only headers, the rest of frames should not be touched, because there are too many formats for the payload), instead it should concentrate on managing the process and providing the API for managing capture.
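As an added illustration of the framing step the proposal describes (parse only the pcap headers, hand each frame body through as an opaque blob via a callback), here is an incremental pcap stream parser. This is example code written for this note, not code from this thread, from extcapy or from Wireshark; it assumes the bytes are whatever the extcap program writes to its output pipe, so it accepts arbitrary chunk boundaries, and it treats the length fields as untrusted input from another process and bounds them before buffering. The sample stream at the bottom is constructed inline; the link-layer value 249 (the USBPcap link type) is just a number as far as the parser is concerned.

```python
import struct
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Tuple

# Classic libpcap "savefile" layout: 24-byte global header, then 16-byte record headers.
PCAP_MAGIC_USEC = 0xA1B2C3D4   # timestamps in microseconds
PCAP_MAGIC_NSEC = 0xA1B23C4D   # timestamps in nanoseconds
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


@dataclass
class PcapFrame:
    ts_sec: int
    ts_frac: int      # microseconds or nanoseconds, see PcapStreamParser.nanosecond
    orig_len: int     # length on the wire, may exceed len(data) if the capture was truncated
    data: bytes       # captured bytes, passed through untouched (never interpreted here)


class PcapStreamParser:
    """Feed it bytes as they arrive; on_frame is called once per complete record."""

    def __init__(self, on_frame: Callable[[PcapFrame], None], max_frame_len: int = 1 << 18):
        self.on_frame = on_frame
        self.max_frame_len = max_frame_len   # hard cap independent of what the header claims
        self.linktype: Optional[int] = None  # DLT_* value from the global header
        self.snaplen: Optional[int] = None
        self.nanosecond = False
        self._fmt: Optional[str] = None      # struct byte-order prefix, "<" or ">"
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> int:
        """Append a chunk from the capture stream; returns how many frames were emitted."""
        self._buf += chunk
        if self._fmt is None:
            if len(self._buf) < GLOBAL_HEADER_LEN:
                return 0
            self._parse_global_header()
        emitted = 0
        while len(self._buf) >= RECORD_HEADER_LEN:
            ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(self._fmt + "IIII", self._buf, 0)
            # The producer is a separate process: refuse lengths that would make us
            # buffer without bound or that contradict the stream's own snaplen.
            limit = min(self.max_frame_len, self.snaplen or self.max_frame_len)
            if incl_len > limit:
                raise ValueError(f"implausible record length {incl_len} (limit {limit})")
            if len(self._buf) < RECORD_HEADER_LEN + incl_len:
                break   # record not complete yet, wait for more bytes
            data = bytes(self._buf[RECORD_HEADER_LEN:RECORD_HEADER_LEN + incl_len])
            del self._buf[:RECORD_HEADER_LEN + incl_len]
            self.on_frame(PcapFrame(ts_sec, ts_frac, orig_len, data))
            emitted += 1
        return emitted

    def _parse_global_header(self) -> None:
        magic_le = struct.unpack_from("<I", self._buf, 0)[0]
        magic_be = struct.unpack_from(">I", self._buf, 0)[0]
        if magic_le in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            self._fmt, magic = "<", magic_le
        elif magic_be in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            self._fmt, magic = ">", magic_be
        else:
            raise ValueError(f"not a pcap stream (magic bytes {bytes(self._buf[:4]).hex()})")
        self.nanosecond = magic == PCAP_MAGIC_NSEC
        # version_major, version_minor, thiszone, sigfigs, snaplen, network
        _maj, _min, _tz, _sig, self.snaplen, self.linktype = struct.unpack_from(
            self._fmt + "HHiIII", self._buf, 4)
        del self._buf[:GLOBAL_HEADER_LEN]


def build_pcap(frames: Sequence[Tuple[int, int, bytes]], linktype: int,
               nanosecond: bool = False, big_endian: bool = False) -> bytes:
    """Serialize (ts_sec, ts_frac, payload) tuples into a pcap stream (used for test input)."""
    fmt = ">" if big_endian else "<"
    magic = PCAP_MAGIC_NSEC if nanosecond else PCAP_MAGIC_USEC
    out = struct.pack(fmt + "IHHiIII", magic, 2, 4, 0, 0, 262144, linktype)
    for ts_sec, ts_frac, data in frames:
        out += struct.pack(fmt + "IIII", ts_sec, ts_frac, len(data), len(data)) + data
    return out


def collect_frames(stream: bytes, chunk_size: int = 7) -> List[PcapFrame]:
    """Drive the parser with small chunks, as a pipe would, and collect the callbacks."""
    frames: List[PcapFrame] = []
    parser = PcapStreamParser(frames.append)
    for i in range(0, len(stream), chunk_size):
        parser.feed(stream[i:i + chunk_size])
    return frames


# Constructed sample: two records with opaque payloads, link type 249 (USBPcap).
SAMPLE_STREAM = build_pcap([(1, 500, b"\x01\x02\x03"), (2, 0, b"")], 249)

if __name__ == "__main__":
    for frame in collect_frames(SAMPLE_STREAM):
        print(frame.ts_sec, frame.ts_frac, frame.orig_len, frame.data.hex())
```

The parser never looks past the record header, which is the split the proposal asks for: the caller's callback gets each body as a blob and can pass it to whatever pcap tooling it prefers. The length check is the one piece of defensiveness worth keeping even in a small library, since a crashed or misbehaving extcap process can emit garbage that would otherwise make the reader buffer indefinitely.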
Relevant Technology
Here is an extcap server written in python, that can be used to understand extcap protocol: https://github.com/wireshark/wireshark/blob/master/doc/extcap_example.py
Complexity and required time
Complexity
[x] Beginner - This project requires no or little prior knowledge of the technolog(y|ies) specified to contribute to the project
Required time (ETA)
[x] Little work - A couple of days
Categories