On Mon, Feb 07, 2011 at 12:08:01PM -0800, Sam Roberts wrote: > On Mon, Feb 7, 2011 at 11:36 AM, Gregory Seidman > <[email protected]> wrote: > > Ah, interesting. Thanks for the info on netdude. I clearly disagree with > > you in that I think Wireshark (the project, though not necessarily the > > existing GUI) is the best possible place for packet editing. > > Modifying packets would involve significantly more work on the part of > the dissector developers, and it can be very difficult to even know > what it means to "modify" a packets. [...] > Going the other way, encoding packets, there are HUGE amounts of > discretion and choice involved, and once you get into the realm of > modifying packets, possibly involving generating non-compliant > packets, the choice explodes to the point that I can's see how a > general purpuse GUI would ever do a good job of it.
I'm not going to claim that there aren't technical challenges; there clearly are, and I've thought about some of them. Some modifications could be done based entirely on the protocol tree, while others would need dissectors to provide more information or, in some cases, execute code to encode changes. I don't think it's even a reasonable goal to make every field of every kind editable. What I asked in the original post, however, was whether there were reasons not to have editing capabilities in the Wireshark project (again, not necessarily the current Wireshark GUI) beyond the technical difficulties involved. > Cheers, > Sam --Greg ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
