Wireshark-bugs: [Wireshark-bugs] [Bug 2884] New: Wireshark enhanced with features like connectio
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2884
Summary: Wireshark enhanced with features like connection
management, wild card display filter support,
autocapture option etc to meet the requirement of
internal monitoring tool.
Product: Wireshark
Version: 1.0.0
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Enhancement
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: sachin.verma@xxxxxxxxxxx
CC: sachin.verma@xxxxxxxxxxx
Build Information:
wireshark 1.0.0MMT
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.5,
with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.
Running on Windows XP Service Pack 2, build 2600, without WinPcap, without
AirPcap.
Built using Microsoft Visual C++ 8.0 build 50727
--
We have done certain enhancements and customizations in wireshark to cater to
our requirements and have named the customized wireshark as MMT. Following are
precisely the enhancements, the patches for which are attached herewith.
1. Wireshark customized and renamed to MMT.
2. A new MMT toolbar and menu bar option added to wireshark GUI for MMT related
controls.
2.1 The toolbar contains a connection indicator (described in point 3) and an
autocapture mode toggle button(described in point 4).
2.2 The menu bar option contains the option to show/hide MMT toolbar and to
toggle autocapture mode.
3. Connection management feature has been added to wireshark to maintain a
connection with its peer node called MMT Support Software (MMTSS).
3.1 MMT opens a UDP port for connection management and sends a KeepAlive
message to MMTSS periodically. The keepalive message being sent contains a flag
that indicates MMTSS to send packets for monitoring or not.
3.2 MMTSS sends Hello message to MMT periodically.
3.3 In case any of the MMT or MMTSS doesn't receive the Hello or Keepalive
message for a maximum period of time, MMt-MMTSS connection is assumed to be
down.
3.4 MMT monitors only the messages forwarded to it by MMTSS. MMTSS sends the
messages to MMT on its message monitoring port (another port opened by MMT in
addition to Connection management port)
4. Autocapture option
4.1 User can toggle this option on or off from the new controls provided in the
GUI.
4.2 When this option is ON, MMT automatically starts capturing and decoding the
messages as soon as MMT-MMTSS connection comes up or reconnects after a tear
down.
4.3 In case this option is OFF, user shall have to start the capturing
manually.
5. MMT configuration options are read from a configuration file.
5.1 Among the connection management options like port numbers and IP addresses
of MMT and MMTSS, this file also contains a field named default_capture filter
and autocapture option.
5.2 Default capture_filter is appended automatically to all the capture filters
provided by the user and is by default configured to allow the capture of only
those messages received by MMT on its message monitoring port.
5.3 autocapture option in the configuration file sets the autocapture mode for
MMT and is updated in this file whenever user toggles this option in the GUI.
6. Wild card support for the display filters has also been provided. It works
when user provides the exact expansion of the wild card expression in the user
defined display filters list. Whenever usre changes the Right Hand Side of the
wild card expression, the corresponding change is automatically done it the
expanded version of this wildcard expression that can be applied then to the
packets.
two new files, conn_mgmt.c and conn_mgmt.h were added in addition to modifying
the existing files for wireshark. The attachments include three diff files....
1. For prefs.c file found in epan directory
2. For prefs.h file found in epan directory
3. Diff file for entire gtk folder because all the modified files lie in this
folder.
4. Sample MTM configuration file.
We request wireshark community to please review the code changes and let us
know if the changes are generic enough to be able to bring in the mainstream
wireshark development.
We have a stub for the peer node of MMT as well. In case you would like to use
it for evaluating the enhancements, please let us know and we will provide you
the same.
T & R
Sachin
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.