This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to develop packet capture software like Wireshark?

0

Recently, I have wanted to develop software just like Wireshark, but I do not have much knowledge of GTK/Python; I am a Windows user. I would like to know how those technologies are assembled together in Wireshark. I want to do this in VS2010 and use SharpPcap, but there is not much parsing. Can someone give me some advice about how to develop such software on Windows? Thanks very much.

This question is marked "community wiki".

asked 07 Mar '11, 06:46


underwater0909
1111
accept rate: 0%


One Answer:

1

If you want to write something just like Wireshark, the first thing to do is to find enough time to write about 2.8 million lines of code. You might be able to reduce the number of lines of code to write if you develop code to read protocol description languages such as ASN.1, one of the DCE RPC interface description languages (OSF's IDL, Microsoft's MIDL, or Samba's PIDL), rpcgen, and perhaps a language for protocols not natively described in such a language, and dissect those protocols by reading a description of the protocol.

I.e., writing software "just like Wireshark" is not an easy task. It would take many pages worth of answer here just to give you enough advice to be useful at all. The GUI part is probably one of the easier parts - there may be a lot of code to write, but it's probably pretty mechanical. Writing code to dissect packets and to display the results is the hard part.

answered 07 Mar '11, 18:24


Guy Harris ♦♦
17.4k335196
accept rate: 19%