ashdnazg / pyreshark Goto Github PK

A Wireshark plugin providing a simple interface for writing dissectors in Python.

Home Page: https://github.com/ashdnazg/pyreshark/releases/tag/0.1.4

CMake 2.88% Python 70.31% C 26.81%

pyreshark's Introduction

Latest Downloads:
https://github.com/ashdnazg/pyreshark/releases/tag/0.1.4

Windows Installer for all versions:
https://github.com/ashdnazg/pyreshark/releases/download/0.1.4/pyreshark_0.1.4_installer.exe

General Information
-------------------

Pyreshark is a plugin for Wireshark with the purpose of allowing other plugins to be written with:
1. Python
2. Ease
3. Efficiency

The source code and some binaries can be found in https://github.com/ashdnazg/pyreshark

License
-------
Pyreshark is released under the GNU GPLv2 license. See <http://www.gnu.org/licenses/gpl-2.0.html> for details.

Installation
------------
Python 2.7.* or 2.6.* is required, so make sure it is installed.

Put pyreshark.dll in <Wireshark-Dir>\plugins\1.*.*\
Put all files in the python folder in <Wireshark-Dir>\python.

The overall directory structure should be:
<Wireshark-Dir>\python
<Wireshark-Dir>\python\cal
<Wireshark-Dir>\python\protocols

Using Pyreshark
---------------

To add an existing dissector just drop it in <Wireshark-Dir>\python\protocols

To write a new dissector see the guide at https://github.com/ashdnazg/pyreshark/wiki/Writing-Dissectors

Building Pyreshark
------------------
Currently the plugin was tested on win32, win64 and some linux distro's.

Win32/64 Instructions:

1. Get Wireshark's source. (version 1.12 or 1.10 is required)
2. Build Wireshark.
3. Get pyreshark's source through hg clone.
4. Place pyreshark's source in the plugins dir of Wireshark's source.
5. Go to <WS_source_root>\plugins\pyreshark and run:
nmake -f Makefile.nmake all
6. If all went well, you can now copy the shiny new pyreshark.dll and python folder to your Wireshark installation.

Linux Instructions:
1. Get Wireshark's source.
2. Get pyreshark's source through hg clone.
3. Place pyreshark's source in the plugins dir of Wireshark's source.
4. If your Python dynamic library isn't named libpython2.*.so.1.0 or isn't in the search path,
change the PYTHON_* values in python_loader.h to the correct full path of the library.
5. Follow the instructions in http://anonsvn.wireshark.org/wireshark/trunk/doc/README.plugins
6. Build Wireshark and install it.
7. If all went well, you should have the plugin installed as well.

Contact
-------
I'd be more than happy to receive bug reports, suggestions and/or pleas for help through mail (<ashdnazg [AT] gmail.com>)
and assist accordingly.
If further support or commercial work is required, I may certainly be contracted for projects of both open-source and closed-source nature.

Go wild.

pyreshark's People

Contributors

Stargazers

Watchers

pyreshark's Issues

maximum recursion depth exceeded on a simple code

Pyreshark 0.1.3 / Win32
On a simple code

'''
@summary: A my test protocol...
'''
from cal.cal_types import ProtocolBase, FieldItem, PyFunctionItem, Subtree, TextItem
from cal.ws_consts import FT_UINT32, FT_UINT16, BASE_HEX, FT_UINT8, FT_ETHER, FT_IPv4

class Protocol(ProtocolBase):
    def __init__(self):
        self._name = "MyTest over TCP"
        self._filter_name = "mytest"
        self._short_name = "MYTEST"
        self._items = [FieldItem("header", FT_UINT32, "Mytest header", display = BASE_HEX),
                       Subtree(TextItem("Op", "Operation"), [PyFunctionItem(self.add_addresses, { "t1" : FieldItem("t1",     FT_UINT32, "T1"),
                                                                                                  "t2" : FieldItem("t2",     FT_UINT32, "T2"),
                                                                                                  "t3" : FieldItem("t3",     FT_UINT32, "T3"),
                                                                                                  "t4" : FieldItem("t4",     FT_UINT32, "T4"),
                                                                                                  "t5" : FieldItem("t5",     FT_UINT32, "T5"),
                                                                                                  "t6" : FieldItem("t6",     FT_UINT32, "T6"),
                                                                                                })]),
                       ]
        self._register_under = { "tcp.port": 16001}

    def add_addresses(self, packet):
        ptype = packet.unpack(">L",4)[0]
        packet.read_item("t1")
        packet.offset += 16
        packet.read_item("t2")
        packet.read_item("t3")

I've got errors on long files:
Traceback (most recent call last):
File "_ctypes/callbacks.c", line 314, in 'calling callback function'
File "C:\Program Files\Wireshark\python\cal\cal_types.py", line 499, in _callback
p = Packet(p_tvb_and_tree.contents.tvb, p_tvb_and_tree.contents.tree, p_pinfo, p_offset, self._cal, self._items_dict)
RuntimeError: maximum recursion depth exceeded while calling a Python object
Traceback (most recent call last):
File "_ctypes/callbacks.c", line 314, in 'calling callback function'
......

How to enhance tcp packet?

To dissector data in tcp packet.

Thanks.

make fails for pyreshark

Hi,

I followed all steps provided in https://code.google.com/p/pyreshark/wiki/BuildingPyreshark . But when I tried to build it calling the make of "wireshark", I'm getting the following error.

Making all in pyreshark
make[3]: Entering directory /home/paavu/wireshark/plugins/pyreshark' CC plugin.lo CC pyreshark.lo CC python_loader.lo CCLD pyreshark.la /usr/bin/python generate_ws_consts.py python/cal/ws_consts.py cp templates/ws_types.py.1_99 python/cal/ws_types.py cp: cannot stat ‘templates/ws_types.py.1_99’: No such file or directory make[3]: *** [ws_types] Error 1 make[3]: Leaving directory/home/paavu/wireshark/plugins/pyreshark'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory /home/paavu/wireshark/plugins' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory/home/paavu/wireshark'
make: *** [all] Error 2

In templates directory, I don't find ws_types.py.1_99. Is this file created dynamically? Or can we rename one of the files under templates directory?

System details:
Ubuntu 14.04
Pyreshark version - 0.1.4 (as per Changelog file)
wireshark version "v1.99.6rc0-48-g8204578"

How to set _register_under for TCP

Wow, this project is awesome!
I have some start-difficulties:
I want to implement a protocol like HTTP, which is directly under TCP.
What do I have to enter as value for self._register_under = {"tcp": ???}?

Thanks :-)

Weird set_next_dissector behavior?

I might be overlooking something extremely simple... but I'm having some trouble setting the next dissector when passing a variable representing a string to the set_next_dissector() function, rather than a string itself. For instance:

self.set_next_dissector('protocol') works, while

self.set_next_dissector(protocol_name) does not, even if protocol_name == 'protocol' .

Can't set text for certain columns?

I'm having trouble setting the text for a few columns (notably anything to do with source ip's or ports or destinations). I'm able to set other columns, strangely, like "Protocol" and "Info"

pyreshark v0.1.4 installer does not copy all files

pyreshark_0.1.4_installer.exe does not copy pyreshark.dll into the plugins directory and does not copy pyreshark_locator.py into the python directory in wireshark.

Python 3 Support

The README currently states:

Python 2.7.* or 2.6.* is required, so make sure it is installed.

Any plans to support Python 3?

Some easy first steps would be to

from __future__ import absolute_import, division, print_function, unicode_literals
The future package: http://python-future.org/
Or the six package: https://pythonhosted.org/six/

Handle split TCP packets

Any ideas on how to accomplish this with pyreshark? https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html#TcpDissectPdus
Not sure if I'm missing something obvious or not.

Update pyreshark to Wireshark 1.12

plugin.c:44:24: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘const’
WS_DLL_PUBLIC_NOEXTERN const gchar version[] = VERSION;
^
plugin.c:48:24: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘void’
WS_DLL_PUBLIC_NOEXTERN void
^
plugin.c:54:24: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘void’
WS_DLL_PUBLIC_NOEXTERN void
^
$ gcc -v
Using built-in specs.
COLLECT_GCC=/usr/local/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-unknown-linux-gnu/4.8.2/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: ./configure --disable-gnu-unique-object --disable-multilib --enable-version-specific-runtime-libs --enable-languages=c,c++ --prefix=/usr --program-suffix=48
Thread model: posix
gcc version 4.8.2 (GCC)

Performance compare to Lua?

Has anyone compared the performance of pyreshark to Lua when doing something more complicated than just field items?
I know the PyFunctionItem callbacks will be slower, particularly when unpacking packets, but does anyone know if they're faster/slower than doing something similar in Lua? I'm aware that performance can vary, but I'm particularly curious if packet.unpack is going to be a performance bottleneck compared to a similar implementation in Lua.

Is this an bug? can't pass information between different functions in class Protocol(ProtocolBase)

In doc "Writing Dissectors" https://github.com/ashdnazg/pyreshark/wiki/Writing-Dissectors
said:
"You can pass information between different functions by storing it in the Protocol object (accessible through self), just make sure you reset your value when dissecting a new packet, as the same Protocol object is used for dissecting all packets."

But this only works when pass information between function like this: def function(self, packet):
Can't access self.infomation between function whitout paramater like : def function(self):

class Protocol(ProtocolBase):
def init(self):
self._name = "x Protocol"
self._filter_name = "x"
self._short_name = "x"
self._register_under = {"tcp.port": 8000}
self._items = []
self.set_items()

def set_items(self):
    self._items.extend(self.message_header())
    self._items.extend(self.message_body())

def message_header(self):
    return [
        FieldItem("identifier", FT_STRING, "identifier", length=4),
        PyFunctionItem(self.dissect_type, {
            "key_message_type": FieldItem("message_type", FT_UINT16, "message_type", strings=MESSAGE_TYPE, display=BASE_HEX)
        }),            
        FieldItem("length", FT_UINT16, "length")         
    ]

def dissect_type(self, packet):
    packet.read_item("key_message_type")
    (self._message_type,) = struct.unpack("<h", packet.buffer[6:8])

def message_body(self):
   logger.info("I can't see infomatio:" + self._message_type)
    return [
        PyFunctionItem(self.dissect_body, {
        FieldItem("checksum", FT_UINT16, "checksum"),
        })
    ]  

def dissect_body(self, packet):
    logger.info("I can see infomatio:" + self._message_type)

IOError while running wireshark from build directory for pyreshark

Hi,

Firstly, apologies for asking trivial questions!

I'm trying to build wireshark after building from pyreshark. When I run the command WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 ./wireshark

I get the following error.

Can't open Pyreshark init file: /home/paavu/wireshark-1.12.4/python/pyreshark.py IOError: [Errno 2] No such file or directory: '/home/paavu/wireshark-1.12.4/python/pyreshark.py'

The actual path of pyreshark.py is wireshark-1.12.4/plugins/pyreshark/python/pyreshark.py

Any help is appreciated.

Regards,
Praveen

Add a LICENSE

A GPL2-compatible license is required as this is a Wireshark-derivative work.

ashdnazg / pyreshark Goto Github PK

pyreshark's Introduction

pyreshark's People

Contributors

Stargazers

Watchers

Forkers

pyreshark's Issues

Recommend Projects

Recommend Topics

Recommend Org