How can I add visualization capabilities to Wireshark? Like to add SOM capabilities?
asked 19 May '11, 00:48 Alia ElRoubi
One Answer:
By writing code. :-) I assume the idea is to generate a self-organizing map of network hosts, with the input layer being the sending hosts and the output layer being the receiving hosts. You'd probably make a tap listener, similar to, say, the conversation tap listeners, so you get to look at all the packets to see which hosts are sending to which hosts, choose some form of weight for each such link (choosing a weight is left as an exercise for the reader), and generate and draw the map. Writing the code to implement Kohonen's algorithm (I'm not sure whether a network map would be fully connected, but maybe the idea is that you set the distance between unconnected nodes to infinity) and to draw the result is also left as an exercise for the reader.
answered 19 May '11, 13:12 Guy Harris ♦♦
I mean, do I program it using Visual C++ as a plugin to Wireshark? Thanks in advance.
(If you're asking additional questions, they should be comments, not answers.)
You could program it as a plugin - Wireshark does support plugin tap listeners. The GUI code might have to be written for GTK+, not any Windows GUI APIs, however. C will work; C++ plugins should, in theory, be implementable as well (see, for example, the Wireshark Generic Dissector, although that's a dissector plugin rather than a tap listener plugin).
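The processing outlined in the answer above (collect sender-to-receiver links, pick a weight, run Kohonen's algorithm), as an added example that is not code from this thread or from Wireshark. It assumes the link weight is each sender's byte share per receiver and a two-unit 1-D map; the packet records are constructed, the names `som_train` and `som_unit` are hypothetical, and no Wireshark tap API is used.

```c
#include <stdio.h>
#define HOSTS 4 /* distinct addresses in the constructed sample */
#define NODES 2 /* units in the 1-D Kohonen map (assumed size) */
struct pkt { int src, dst; double bytes; }; /* what a tap would see per packet */
static const struct pkt sample[] = { /* constructed traffic, not a real capture */
    {0, 2, 100}, {1, 2, 300}, {2, 0, 500}, {2, 1, 500}, {3, 0, 50}, {3, 1, 50},
};
static double in[HOSTS][HOSTS]; /* link weight: sender's byte share per receiver */
static double w[NODES][HOSTS];  /* weight vector of each map unit */
static int bmu(const double *x) { /* best matching unit by squared distance */
    int best = 0; double bestd = 1e300;
    for (int j = 0; j < NODES; j++) {
        double d = 0;
        for (int k = 0; k < HOSTS; k++) d += (x[k] - w[j][k]) * (x[k] - w[j][k]);
        if (d < bestd) { bestd = d; best = j; }
    }
    return best;
}

void som_train(void) {
    double total[HOSTS] = {0};
    for (int i = 0; i < HOSTS; i++) for (int k = 0; k < HOSTS; k++) in[i][k] = 0;
    for (size_t p = 0; p < sizeof sample / sizeof sample[0]; p++) {
        in[sample[p].src][sample[p].dst] += sample[p].bytes;
        total[sample[p].src] += sample[p].bytes;
    }
    for (int i = 0; i < HOSTS; i++) /* normalise so raw volume does not dominate */
        for (int k = 0; k < HOSTS; k++) if (total[i] > 0) in[i][k] /= total[i];
    for (int j = 0; j < NODES; j++) /* seed units from the first and last host */
        for (int k = 0; k < HOSTS; k++) w[j][k] = in[j * (HOSTS - 1) / (NODES - 1)][k];
    const int epochs = 20;
    for (int e = 0; e < epochs; e++) {
        double lr = 0.5 * (1.0 - (double)e / epochs); /* decaying learning rate */
        int radius = e < epochs / 4 ? 1 : 0;          /* shrinking neighbourhood */
        for (int i = 0; i < HOSTS; i++) {
            int b = bmu(in[i]);
            for (int j = 0; j < NODES; j++) {
                if (j - b > radius || b - j > radius) continue;
                for (int k = 0; k < HOSTS; k++) w[j][k] += lr * (in[i][k] - w[j][k]);
            }
        }
    }
}
int som_unit(int host) { return bmu(in[host]); } /* map a host to its unit */
int main(void) {
    som_train();
    for (int h = 0; h < HOSTS; h++) printf("host %d -> unit %d\n", h, som_unit(h));
    return 0;
}
```

Hosts 0 and 1 send different volumes but to the same peer, so after normalisation they land on the same unit, while hosts 2 and 3 land on the other.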