ashdnazg / pyreshark
A Wireshark plugin providing a simple interface for writing dissectors in Python.
Home Page: https://github.com/ashdnazg/pyreshark/releases/tag/0.1.4
Latest Downloads: https://github.com/ashdnazg/pyreshark/releases/tag/0.1.4
Windows Installer for all versions: https://github.com/ashdnazg/pyreshark/releases/download/0.1.4/pyreshark_0.1.4_installer.exe

General Information
-------------------
Pyreshark is a plugin for Wireshark with the purpose of allowing other plugins to be written with:
1. Python
2. Ease
3. Efficiency

The source code and some binaries can be found in https://github.com/ashdnazg/pyreshark

License
-------
Pyreshark is released under the GNU GPLv2 license.
See <http://www.gnu.org/licenses/gpl-2.0.html> for details.

Installation
------------
Python 2.7.* or 2.6.* is required, so make sure it is installed.
Put pyreshark.dll in <Wireshark-Dir>\plugins\1.*.*\
Put all files in the python folder in <Wireshark-Dir>\python.
The overall directory structure should be:
<Wireshark-Dir>\python
<Wireshark-Dir>\python\cal
<Wireshark-Dir>\python\protocols

Using Pyreshark
---------------
To add an existing dissector just drop it in <Wireshark-Dir>\python\protocols
To write a new dissector see the guide at https://github.com/ashdnazg/pyreshark/wiki/Writing-Dissectors

Building Pyreshark
------------------
Currently the plugin was tested on win32, win64 and some Linux distros.

Win32/64 Instructions:
1. Get Wireshark's source (version 1.12 or 1.10 is required).
2. Build Wireshark.
3. Get pyreshark's source through hg clone.
4. Place pyreshark's source in the plugins dir of Wireshark's source.
5. Go to <WS_source_root>\plugins\pyreshark and run: nmake -f Makefile.nmake all
6. If all went well, you can now copy the shiny new pyreshark.dll and python folder to your Wireshark installation.

Linux Instructions:
1. Get Wireshark's source.
2. Get pyreshark's source through hg clone.
3. Place pyreshark's source in the plugins dir of Wireshark's source.
4. If your Python dynamic library isn't named libpython2.*.so.1.0 or isn't in the search path, change the PYTHON_* values in python_loader.h to the correct full path of the library.
5. Follow the instructions in http://anonsvn.wireshark.org/wireshark/trunk/doc/README.plugins
6. Build Wireshark and install it.
7. If all went well, you should have the plugin installed as well.

Contact
-------
I'd be more than happy to receive bug reports, suggestions and/or pleas for help through mail (<ashdnazg [AT] gmail.com>) and assist accordingly.
If further support or commercial work is required, I may certainly be contracted for projects of both open-source and closed-source nature.
Go wild.
Wow, this project is awesome!
I have some start-difficulties:
I want to implement a protocol like HTTP, which is directly under TCP.
What do I have to enter as the value for self._register_under = {"tcp": ???}?
Thanks :-)
Hi,
I followed all steps provided in https://code.google.com/p/pyreshark/wiki/BuildingPyreshark . But when I tried to build it calling the make of "wireshark", I'm getting the following error.
Making all in pyreshark
make[3]: Entering directory '/home/paavu/wireshark/plugins/pyreshark'
  CC       plugin.lo
  CC       pyreshark.lo
  CC       python_loader.lo
  CCLD     pyreshark.la
/usr/bin/python generate_ws_consts.py python/cal/ws_consts.py
cp templates/ws_types.py.1_99 python/cal/ws_types.py
cp: cannot stat ‘templates/ws_types.py.1_99’: No such file or directory
make[3]: *** [ws_types] Error 1
make[3]: Leaving directory '/home/paavu/wireshark/plugins/pyreshark'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/home/paavu/wireshark/plugins'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/paavu/wireshark'
make: *** [all] Error 2
In templates directory, I don't find ws_types.py.1_99. Is this file created dynamically? Or can we rename one of the files under templates directory?
System details:
Ubuntu 14.04
Pyreshark version - 0.1.4 (as per Changelog file)
wireshark version "v1.99.6rc0-48-g8204578"
I'm having trouble setting the text for a few columns (notably anything to do with source IPs, ports or destinations). I'm able to set other columns, strangely, like "Protocol" and "Info".
To dissect data in a TCP packet.
Thanks.
Pyreshark 0.1.3 / Win32
On simple code:
'''
@summary: My test protocol...
'''
from cal.cal_types import ProtocolBase, FieldItem, PyFunctionItem, Subtree, TextItem
from cal.ws_consts import FT_UINT32, FT_UINT16, BASE_HEX, FT_UINT8, FT_ETHER, FT_IPv4


class Protocol(ProtocolBase):
    def __init__(self):
        self._name = "MyTest over TCP"
        self._filter_name = "mytest"
        self._short_name = "MYTEST"
        self._items = [
            FieldItem("header", FT_UINT32, "Mytest header", display=BASE_HEX),
            Subtree(TextItem("Op", "Operation"), [
                PyFunctionItem(self.add_addresses, {
                    "t1": FieldItem("t1", FT_UINT32, "T1"),
                    "t2": FieldItem("t2", FT_UINT32, "T2"),
                    "t3": FieldItem("t3", FT_UINT32, "T3"),
                    "t4": FieldItem("t4", FT_UINT32, "T4"),
                    "t5": FieldItem("t5", FT_UINT32, "T5"),
                    "t6": FieldItem("t6", FT_UINT32, "T6"),
                })
            ]),
        ]
        self._register_under = {"tcp.port": 16001}

    def add_addresses(self, packet):
        # Called once per packet for the "Op" subtree.
        ptype = packet.unpack(">L", 4)[0]
        packet.read_item("t1")
        packet.offset += 16
        packet.read_item("t2")
        packet.read_item("t3")
I've got errors on long files:
Traceback (most recent call last):
File "_ctypes/callbacks.c", line 314, in 'calling callback function'
File "C:\Program Files\Wireshark\python\cal\cal_types.py", line 499, in _callback
p = Packet(p_tvb_and_tree.contents.tvb, p_tvb_and_tree.contents.tree, p_pinfo, p_offset, self._cal, self._items_dict)
RuntimeError: maximum recursion depth exceeded while calling a Python object
Traceback (most recent call last):
File "_ctypes/callbacks.c", line 314, in 'calling callback function'
......
A GPL2-compatible license is required as this is a Wireshark-derivative work.
Any ideas on how to accomplish this with pyreshark? https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html#TcpDissectPdus
Not sure if I'm missing something obvious or not.
plugin.c:44:24: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘const’
WS_DLL_PUBLIC_NOEXTERN const gchar version[] = VERSION;
                       ^
plugin.c:48:24: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
WS_DLL_PUBLIC_NOEXTERN void
                       ^
plugin.c:54:24: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
WS_DLL_PUBLIC_NOEXTERN void
                       ^
$ gcc -v
Using built-in specs.
COLLECT_GCC=/usr/local/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-unknown-linux-gnu/4.8.2/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: ./configure --disable-gnu-unique-object --disable-multilib --enable-version-specific-runtime-libs --enable-languages=c,c++ --prefix=/usr --program-suffix=48
Thread model: posix
gcc version 4.8.2 (GCC)
Hi,
Firstly, apologies for asking trivial questions!
I'm trying to build wireshark after building from pyreshark. When I run the command WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 ./wireshark
I get the following error.
Can't open Pyreshark init file: /home/paavu/wireshark-1.12.4/python/pyreshark.py IOError: [Errno 2] No such file or directory: '/home/paavu/wireshark-1.12.4/python/pyreshark.py'
The actual path of pyreshark.py is wireshark-1.12.4/plugins/pyreshark/python/pyreshark.py
Any help is appreciated.
Regards,
Praveen
Has anyone compared the performance of pyreshark to Lua when doing something more complicated than just field items?
I know the PyFunctionItem callbacks will be slower, particularly when unpacking packets, but does anyone know if they're faster/slower than doing something similar in Lua? I'm aware that performance can vary, but I'm particularly curious if packet.unpack is going to be a performance bottleneck compared to a similar implementation in Lua.
In the doc "Writing Dissectors" (https://github.com/ashdnazg/pyreshark/wiki/Writing-Dissectors) it says:
"You can pass information between different functions by storing it in the Protocol object (accessible through self), just make sure you reset your value when dissecting a new packet, as the same Protocol object is used for dissecting all packets."
But this only works when passing information between functions like this: def function(self, packet):
Can't access self.information between functions without a parameter like: def function(self):
import struct
import logging

from cal.cal_types import ProtocolBase, FieldItem, PyFunctionItem
from cal.ws_consts import FT_STRING, FT_UINT16, BASE_HEX

logger = logging.getLogger(__name__)
MESSAGE_TYPE = {}  # value -> name mapping; not included in the original post


class Protocol(ProtocolBase):
    def __init__(self):
        self._name = "x Protocol"
        self._filter_name = "x"
        self._short_name = "x"
        self._register_under = {"tcp.port": 8000}
        self._items = []
        self.set_items()

    def set_items(self):
        self._items.extend(self.message_header())
        self._items.extend(self.message_body())

    def message_header(self):
        return [
            FieldItem("identifier", FT_STRING, "identifier", length=4),
            PyFunctionItem(self.dissect_type, {
                "key_message_type": FieldItem("message_type", FT_UINT16, "message_type",
                                              strings=MESSAGE_TYPE, display=BASE_HEX)
            }),
            FieldItem("length", FT_UINT16, "length")
        ]

    def dissect_type(self, packet):
        # Runs per packet, as a PyFunctionItem callback.
        packet.read_item("key_message_type")
        (self._message_type,) = struct.unpack("<h", packet.buffer[6:8])

    def message_body(self):
        # Runs once, from __init__, before any packet has been dissected.
        logger.info("I can't see information: %s", self._message_type)
        return [
            PyFunctionItem(self.dissect_body, {
                "checksum": FieldItem("checksum", FT_UINT16, "checksum"),
            })
        ]

    def dissect_body(self, packet):
        # Runs per packet, after dissect_type has set self._message_type.
        logger.info("I can see information: %s", self._message_type)
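A worked version of the pattern the quoted guide describes, added here as an example rather than code from pyreshark or from the post above: per-packet state is written (and reset) in the first PyFunctionItem callback and read in a later one, instead of at item-construction time. The cal stand-ins, the constructed 8-byte message layout and the offline driver are assumptions so the block runs without Wireshark.

```python
import struct
# Stand-ins for the pyreshark names this page uses, constructed so the example
# runs offline; under Wireshark they come from cal.cal_types / cal.ws_consts.
FT_STRING, FT_UINT16, BASE_HEX = "FT_STRING", "FT_UINT16", "BASE_HEX"
ProtocolBase = object
class FieldItem(object):
    def __init__(self, name, ftype, desc, **kwargs):
        self.name, self.ftype, self.desc, self.kwargs = name, ftype, desc, kwargs
class PyFunctionItem(object):
    def __init__(self, func, items):
        self.func, self.items = func, items
class Packet(object):            # stand-in for the packet given to callbacks
    def __init__(self, buffer):
        self.buffer, self.read = buffer, []   # read: keys passed to read_item
    def read_item(self, key):
        self.read.append(key)

class Protocol(ProtocolBase):
    def __init__(self):
        self._name, self._filter_name, self._short_name = "x Protocol", "x", "x"
        self._register_under = {"tcp.port": 8000}
        self._message_type = None   # per-packet state lives on self
        # Constructed layout: 4-byte identifier, u16 message type, u16 checksum.
        self._items = [
            FieldItem("identifier", FT_STRING, "identifier", length=4),
            PyFunctionItem(self.dissect_type, {"key_message_type": FieldItem(
                "message_type", FT_UINT16, "message_type", display=BASE_HEX)}),
            PyFunctionItem(self.dissect_body, {"checksum": FieldItem(
                "checksum", FT_UINT16, "checksum")}),
        ]

    def dissect_type(self, packet):
        # First callback per packet: reset, as one Protocol object sees every packet.
        self._message_type = None
        packet.read_item("key_message_type")
        (self._message_type,) = struct.unpack("<H", packet.buffer[4:6])

    def dissect_body(self, packet):
        # Later callback on the same packet: the value stored above is visible.
        if self._message_type == 1:           # only type 1 carries a checksum here
            packet.read_item("checksum")

def dissect_offline(protocol, buf):
    # Run the callbacks in item order, as Wireshark would, on one packet.
    packet = Packet(buf)
    for item in protocol._items:
        if isinstance(item, PyFunctionItem):
            item.func(packet)
    return protocol._message_type, packet.read
```

Feeding two constructed packets through the same Protocol object shows the second packet does not inherit the first one's message type.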
I might be overlooking something extremely simple... but I'm having some trouble setting the next dissector when passing a variable representing a string to the set_next_dissector() function, rather than a string itself. For instance:
self.set_next_dissector('protocol') works, while
self.set_next_dissector(protocol_name) does not, even if protocol_name == 'protocol' .
pyreshark_0.1.4_installer.exe does not copy pyreshark.dll into the plugins directory and does not copy pyreshark_locator.py into the python directory in wireshark.
The README currently states:
Python 2.7.* or 2.6.* is required, so make sure it is installed.
Any plans to support Python 3?
Some easy first steps would be to
from __future__ import absolute_import, division, print_function, unicode_literals