Solutions Fast Track




Prerequisites for Developing Ethereal

  • The Ethereal source must be obtained before you can start any new development. Several kinds of download package are available: the Ethereal website, www.ethereal.com, has links to previous versions, the current version, nightly backups, and CVS code.

  • The requirements for Windows-based computers are different from those for UNIX/Linux-based computers. Windows-based computers require additional tools to emulate the UNIX/Linux environment.

  • Building Ethereal requires a number of libraries and tools. Several of the libraries are optional, depending on whether you decide to add a specific feature.

  • Ethereal can be compiled and run on a number of operating systems. For this reason you must ensure that you program in ANSI C for portability between all of the supported platforms.

  • Before you start any work on Ethereal, make sure you can compile and link Ethereal into its executable binary form.

Ethereal Design

  • The main directory of the source distribution is the primary location of the protocol dissectors, protocol taps, and supporting dissector code.

  • The GTK directory is used to store the GUI source used in Ethereal. You will find the main application as well as the toolbar and menu source in this directory.

  • Most of the utility functions for Ethereal are located in the epan directory. These functions include conversion functions as well as tvb and column functions.

  • The doc directory of the distribution is where you will locate most of the documentation that is shipped with the Ethereal source. This is a great resource to anyone wanting to develop in Ethereal.

Developing a Dissector

  • Before you start any Ethereal development, make sure you can build the Ethereal executable.

  • The first step in developing a dissector is to utilize the template provided in the README.developer document.

  • It is important to consider the GPL and other factors when modifying the header comments from the template. Note that this is where you need to add your personal information so you can receive credit for your work.

  • Global Ethereal functions are provided to ease the development of dissectors.

  • Registering your protocol dissector is a necessary process so that Ethereal knows when to pass packet data on to your dissector.

  • The hf array provides the mechanism to incorporate display and color filters.

  • Use the tvb_get_xxx functions to access the frame data. The data passed to your dissector does not include the data that has already been decoded by other dissectors.

  • The proto_tree functions allow you to print to the decode pane of the Ethereal GUI.

  • One of the most important steps a dissector should do is to pass any remaining packet data back to Ethereal. This way future dissectors can be written to dissect the remaining packet data.

Advanced Topics

  • Creating sub-trees allows you to display data in a more informative way in the decode pane of the GUI. Users needing more detailed information can expand the item to view the details.

  • Ethereal provides a mechanism to display bitfields in a graphical view. This allows the user to see from the bit display what the actual fields represent.

  • Many dissectors must be able to handle Unicode strings. Unicode strings present a challenge to normal string processing because of their 2-byte character width.

  • There are situations that require you to track request and reply packet pairs. Ethereal provides the conversation list functions to keep information from a request packet so that it can later be matched to its reply packet.

  • Packet retransmissions are a normal occurrence on most networks. It is important that Ethereal protocol dissectors can handle this type of condition. The use of conversation lists can help in this process.

  • Users should have the ability to configure different components in Ethereal. This includes the ability to turn on or off a feature within your protocol dissector. The preference files give you a place to store values so your dissector can retrieve them the next time Ethereal is active.

  • During the processing of data within a packet, you may need to know certain information from another dissector. Ethereal provides a mechanism to pass data between dissectors with the pinfo->private_data pointer.

  • Fragmentation occurs when the payload exceeds the size a single packet can carry. The protocol breaks the payload into pieces and sends each one as a fragment; the destination device collects all of the fragments and reassembles the original payload. Dissectors need the ability to process these fragments, and Ethereal provides several de-fragment functions to track and reassemble fragmented data.

  • Many numeric values within the packet data are better displayed as a user-friendly string that describes the value. Most error codes are returned as numerical values, but the number itself means little to the end user. Value strings give you the ability to convert numerical values to a meaningful message.

  • Ethereal's GUI utilizes the GTK item factory for creating and manipulating its menu items. Adding a new menu item is as simple as adding new entries to the item factory.

  • If you plan to develop or modify any of the Ethereal GUI you will need to become familiar with GTK programming and its rich set of functions. The GTK website provides documentation and examples on proper ways of writing to the GTK library: www.gtk.org.

  • Ethereal provides a mechanism to receive real-time data. Tools can utilize the tap system to gather information from a live capture or from an existing packet trace.

  • Packet dissectors do not have to be compiled into the Ethereal source. The plugin interface provides a mechanism to convert your dissector from the packet-xxx type source to a plugin. Plugins compile more quickly and can be added and removed prior to launching the Ethereal executable.
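As an added example (not code from the Ethereal source or this book), the following C models the three habits the dissector and Unicode bullets above describe: bounds-checked tvb_get_xxx-style reads so a truncated frame is reported rather than overread, a value_string lookup for a numeric opcode, and extraction of a 2-byte-wide (UCS-2) string, ending with the offset of the data to hand back to Ethereal. The tvb_t and hdr_t types, the header layout, the function names and the sample frames are all constructed for illustration and are not Ethereal's real API.

```c
#include <stdint.h>
#include <string.h>

/* Stand-ins for Ethereal's tvbuff and value_string types (hypothetical, not the real API). */
typedef struct { const uint8_t *data; size_t len; } tvb_t;
typedef struct { uint32_t value; const char *strptr; } value_string;

/* Like match_strval(): turn a numeric code into a user-friendly string, or NULL. */
static const char *vs_lookup(uint32_t v, const value_string *vs) {
    for (; vs->strptr; vs++) if (vs->value == v) return vs->strptr;
    return NULL;
}

/* Bounds-checked 16-bit network-order read: a dissector must never read past the frame. */
static int get_ntohs_checked(const tvb_t *t, size_t off, uint16_t *out) {
    if (off + 2 > t->len) return 0;
    *out = (uint16_t)((t->data[off] << 8) | t->data[off + 1]);
    return 1;
}

/* Copy a 2-byte-wide (UCS-2 little-endian) string of nchars code units into ASCII.
 * Code units above 0x7F become '?'. Returns -1 if the frame or output buffer is too short. */
static int ucs2le_to_ascii(const tvb_t *t, size_t off, size_t nchars, char *out, size_t outsz) {
    if (nchars + 1 > outsz || off + nchars * 2 > t->len) return -1;
    for (size_t i = 0; i < nchars; i++) {
        uint16_t cu = (uint16_t)(t->data[off + 2 * i] | (t->data[off + 2 * i + 1] << 8));
        out[i] = cu < 0x80 ? (char)cu : '?';
    }
    out[nchars] = '\0';
    return (int)nchars;
}

static const value_string opcode_vals[] = { { 1, "Request" }, { 2, "Reply" }, { 0, NULL } };
typedef struct { const char *opname; char name[32]; size_t payload_off; } hdr_t;

/* Constructed header layout: opcode(2, BE) | name_len(2, BE, code units) | name (UCS-2 LE).
 * Returns 1 and fills h, or 0 for a truncated/malformed frame (report it, never crash). */
static int dissect_hdr(const tvb_t *t, hdr_t *h) {
    uint16_t op, nlen;
    if (!get_ntohs_checked(t, 0, &op) || !get_ntohs_checked(t, 2, &nlen)) return 0;
    const char *s = vs_lookup(op, opcode_vals);
    h->opname = s ? s : "Unknown";
    if (ucs2le_to_ascii(t, 4, nlen, h->name, sizeof h->name) < 0) return 0;
    h->payload_off = 4 + (size_t)nlen * 2;  /* everything from here goes to the next dissector */
    return 1;
}

/* Constructed sample frames: one well-formed, one whose length field overruns the frame. */
static const uint8_t good_frame[] = { 0, 1, 0, 3, 'a', 0, 'b', 0, 'c', 0, 0xAA, 0xBB };
static const uint8_t short_frame[] = { 0, 2, 0, 8, 'x', 0 };
```

The length-field check in dissect_hdr is the part that matters for robustness: a dissector that trusts an on-the-wire length and reads past the frame is the classic way a sniffer crashes on hostile traffic.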






Ethereal Packet Sniffing (Syngress)
ISBN: 1932266828
Year: 2004
Pages: 105
Authors: Syngress
