I just completed a course in "C on Linux", Data Structures, Linux user space programming and Linux Device Drivers. Now I find myself a little confused and in the middle of nowhere. I would like to learn & make tools such as Wireshark (I understand it's a very complex tool with years of man-hours of effort gone into it... but all newbies have to start somewhere :-) )
So my dilemma is as follows:
PS: Kindly do answer these questions as I am confused at the moment. I am trying to look for answers on Google too.
asked 14 Aug '15, 01:00
Here is a list of resources you can pull information from:
answered 14 Aug '15, 01:53
Wireshark is a userspace program, and like all such applications it will make use of system/kernel APIs to run. Note that Wireshark isn't limited to Linux, but runs on multiple platforms.
Wireshark is a packet analyser; it allows you to analyze traffic made by other applications but has very little internal involvement with network programming as such.
answered 14 Aug '15, 01:56
Wireshark is way too complex to start with after a C programming course. I guess you don't have much programming experience, so you should look at a task that is achievable in a certain amount of time. If you are interested in network sniffers, you should probably first start with a libpcap tutorial (https://www.google.com/?q=libpcap+programming+tutorial). That should teach you:
After you've done that, you can start with more advanced tasks, like trying to re-write a dissector for an already existing protocol, like SMTP or something similar, obviously without looking at the existing code ;-)).
answered 15 Aug '15, 02:37
Kurt Knochner ♦