Giter VIP home page Giter VIP logo

pyreshark's Introduction

Latest Downloads:
https://github.com/ashdnazg/pyreshark/releases/tag/0.1.4

Windows Installer for all versions:
https://github.com/ashdnazg/pyreshark/releases/download/0.1.4/pyreshark_0.1.4_installer.exe

General Information
-------------------

Pyreshark is a plugin for Wireshark with the purpose of allowing other plugins to be written with:
    1. Python
    2. Ease
    3. Efficiency

The source code and some binaries can be found in https://github.com/ashdnazg/pyreshark

License
-------
Pyreshark is released under the GNU GPLv2 license. See <http://www.gnu.org/licenses/gpl-2.0.html> for details.

Installation
------------
Python 2.7.* or 2.6.* is required, so make sure it is installed.

Put pyreshark.dll in <Wireshark-Dir>\plugins\1.*.*\
Put all files in the python folder in <Wireshark-Dir>\python.

The overall directory structure should be:
<Wireshark-Dir>\python
<Wireshark-Dir>\python\cal
<Wireshark-Dir>\python\protocols

Using Pyreshark
---------------

To add an existing dissector just drop it in <Wireshark-Dir>\python\protocols

To write a new dissector see the guide at https://github.com/ashdnazg/pyreshark/wiki/Writing-Dissectors


Building Pyreshark
------------------
Currently the plugin was tested on win32, win64 and some linux distro's.

Win32/64 Instructions:

    1. Get Wireshark's source. (version 1.12 or 1.10 is required)
    2. Build Wireshark.
    3. Get pyreshark's source through hg clone.
    4. Place pyreshark's source in the plugins dir of Wireshark's source.
    5. Go to <WS_source_root>\plugins\pyreshark and run:
        nmake -f Makefile.nmake all
    6. If all went well, you can now copy the shiny new pyreshark.dll and python folder to your Wireshark installation.

Linux Instructions:
    1. Get Wireshark's source.
    2. Get pyreshark's source through hg clone.
    3. Place pyreshark's source in the plugins dir of Wireshark's source.
    4. If your Python dynamic library isn't named libpython2.*.so.1.0 or isn't in the search path, 
       change the PYTHON_* values in python_loader.h to the correct full path of the library.
    5. Follow the instructions in http://anonsvn.wireshark.org/wireshark/trunk/doc/README.plugins
    6. Build Wireshark and install it.
    7. If all went well, you should have the plugin installed as well. 
    
    
    
Contact
-------
I'd be more than happy to receive bug reports, suggestions and/or pleas for help through mail (<ashdnazg [AT] gmail.com>) 
and assist accordingly.
If further support or commercial work is required, I may certainly be contracted for projects of both open-source and closed-source nature.

Go wild.

pyreshark's People

Contributors

ashdnazg avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

pyreshark's Issues

maximum recursion depth exceeded on a simple code

Pyreshark 0.1.3 / Win32
On a simple code

'''
@summary: A my test protocol...
'''
from cal.cal_types import ProtocolBase, FieldItem, PyFunctionItem, Subtree, TextItem
from cal.ws_consts import FT_UINT32, FT_UINT16, BASE_HEX, FT_UINT8, FT_ETHER, FT_IPv4

class Protocol(ProtocolBase):
    def __init__(self):
        self._name = "MyTest over TCP"
        self._filter_name = "mytest"
        self._short_name = "MYTEST"
        self._items = [FieldItem("header", FT_UINT32, "Mytest header", display = BASE_HEX),
                       Subtree(TextItem("Op", "Operation"), [PyFunctionItem(self.add_addresses, { "t1" : FieldItem("t1",     FT_UINT32, "T1"),
                                                                                                  "t2" : FieldItem("t2",     FT_UINT32, "T2"),
                                                                                                  "t3" : FieldItem("t3",     FT_UINT32, "T3"),
                                                                                                  "t4" : FieldItem("t4",     FT_UINT32, "T4"),
                                                                                                  "t5" : FieldItem("t5",     FT_UINT32, "T5"),
                                                                                                  "t6" : FieldItem("t6",     FT_UINT32, "T6"),
                                                                                                })]),
                       ]
        self._register_under = { "tcp.port": 16001}

    def add_addresses(self, packet):
        ptype = packet.unpack(">L",4)[0]
        packet.read_item("t1")
        packet.offset += 16
        packet.read_item("t2")
        packet.read_item("t3")

I've got errors on long files:
Traceback (most recent call last):
File "_ctypes/callbacks.c", line 314, in 'calling callback function'
File "C:\Program Files\Wireshark\python\cal\cal_types.py", line 499, in _callback
p = Packet(p_tvb_and_tree.contents.tvb, p_tvb_and_tree.contents.tree, p_pinfo, p_offset, self._cal, self._items_dict)
RuntimeError: maximum recursion depth exceeded while calling a Python object
Traceback (most recent call last):
File "_ctypes/callbacks.c", line 314, in 'calling callback function'
......

make fails for pyreshark

Hi,

I followed all steps provided in https://code.google.com/p/pyreshark/wiki/BuildingPyreshark . But when I tried to build it calling the make of "wireshark", I'm getting the following error.

Making all in pyreshark
make[3]: Entering directory /home/paavu/wireshark/plugins/pyreshark' CC plugin.lo CC pyreshark.lo CC python_loader.lo CCLD pyreshark.la /usr/bin/python generate_ws_consts.py python/cal/ws_consts.py cp templates/ws_types.py.1_99 python/cal/ws_types.py cp: cannot stat ‘templates/ws_types.py.1_99’: No such file or directory make[3]: *** [ws_types] Error 1 make[3]: Leaving directory/home/paavu/wireshark/plugins/pyreshark'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory /home/paavu/wireshark/plugins' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory/home/paavu/wireshark'
make: *** [all] Error 2

In templates directory, I don't find ws_types.py.1_99. Is this file created dynamically? Or can we rename one of the files under templates directory?

System details:
Ubuntu 14.04
Pyreshark version - 0.1.4 (as per Changelog file)
wireshark version "v1.99.6rc0-48-g8204578"

How to set _register_under for TCP

Wow, this project is awesome!
I have some start-difficulties:
I want to implement a protocol like HTTP, which is directly under TCP.
What do I have to enter as value for self._register_under = {"tcp": ???}?

Thanks :-)

Weird set_next_dissector behavior?

I might be overlooking something extremely simple... but I'm having some trouble setting the next dissector when passing a variable representing a string to the set_next_dissector() function, rather than a string itself. For instance:

self.set_next_dissector('protocol') works, while

self.set_next_dissector(protocol_name) does not, even if protocol_name == 'protocol' .

Can't set text for certain columns?

I'm having trouble setting the text for a few columns (notably anything to do with source ip's or ports or destinations). I'm able to set other columns, strangely, like "Protocol" and "Info"

Python 3 Support

The README currently states:

Python 2.7.* or 2.6.* is required, so make sure it is installed.

Any plans to support Python 3?

Some easy first steps would be to

Update pyreshark to Wireshark 1.12

plugin.c:44:24: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘const’
WS_DLL_PUBLIC_NOEXTERN const gchar version[] = VERSION;
^
plugin.c:48:24: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘void’
WS_DLL_PUBLIC_NOEXTERN void
^
plugin.c:54:24: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘void’
WS_DLL_PUBLIC_NOEXTERN void
^
$ gcc -v
Using built-in specs.
COLLECT_GCC=/usr/local/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-unknown-linux-gnu/4.8.2/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: ./configure --disable-gnu-unique-object --disable-multilib --enable-version-specific-runtime-libs --enable-languages=c,c++ --prefix=/usr --program-suffix=48
Thread model: posix
gcc version 4.8.2 (GCC)

Performance compare to Lua?

Has anyone compared the performance of pyreshark to Lua when doing something more complicated than just field items?
I know the PyFunctionItem callbacks will be slower, particularly when unpacking packets, but does anyone know if they're faster/slower than doing something similar in Lua? I'm aware that performance can vary, but I'm particularly curious if packet.unpack is going to be a performance bottleneck compared to a similar implementation in Lua.

Is this an bug? can't pass information between different functions in class Protocol(ProtocolBase)

In doc "Writing Dissectors" https://github.com/ashdnazg/pyreshark/wiki/Writing-Dissectors
said:
"You can pass information between different functions by storing it in the Protocol object (accessible through self), just make sure you reset your value when dissecting a new packet, as the same Protocol object is used for dissecting all packets."

But this only works when pass information between function like this: def function(self, packet):
Can't access self.infomation between function whitout paramater like : def function(self):

class Protocol(ProtocolBase):
def init(self):
self._name = "x Protocol"
self._filter_name = "x"
self._short_name = "x"
self._register_under = {"tcp.port": 8000}
self._items = []
self.set_items()

def set_items(self):
    self._items.extend(self.message_header())
    self._items.extend(self.message_body())

def message_header(self):
    return [
        FieldItem("identifier", FT_STRING, "identifier", length=4),
        PyFunctionItem(self.dissect_type, {
            "key_message_type": FieldItem("message_type", FT_UINT16, "message_type", strings=MESSAGE_TYPE, display=BASE_HEX)
        }),            
        FieldItem("length", FT_UINT16, "length")         
    ]

def dissect_type(self, packet):
    packet.read_item("key_message_type")
    (self._message_type,) = struct.unpack("<h", packet.buffer[6:8])

def message_body(self):
   logger.info("I can't see infomatio:" + self._message_type)
    return [
        PyFunctionItem(self.dissect_body, {
        FieldItem("checksum", FT_UINT16, "checksum"),
        })
    ]  

def dissect_body(self, packet):
    logger.info("I can see infomatio:" + self._message_type)

IOError while running wireshark from build directory for pyreshark

Hi,

Firstly, apologies for asking trivial questions!

I'm trying to build wireshark after building from pyreshark. When I run the command WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 ./wireshark

I get the following error.

Can't open Pyreshark init file: /home/paavu/wireshark-1.12.4/python/pyreshark.py IOError: [Errno 2] No such file or directory: '/home/paavu/wireshark-1.12.4/python/pyreshark.py'

The actual path of pyreshark.py is wireshark-1.12.4/plugins/pyreshark/python/pyreshark.py

Any help is appreciated.

Regards,
Praveen

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.