Wireshark-dev: Re: [Wireshark-dev] Dissector Generator

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 19 Feb 2009 14:50:18 -0800

On Feb 19, 2009, at 2:41 PM, Gerald Combs wrote:

Behdad Forghani wrote:
I am thinking of developing a notation along with a code generator and
Eclipse integration to specify protocol PDUs and then generate Wireshark
dissectors automatically, thus reducing the time to hand-code dissectors
and errors. Before I do that, I wanted to make sure that I am not
reinventing the wheel. Does such a tool already exist for non-ASN.1
protocol messages?

You might want to take a look at the NetPDL and TSN.1 notations:

   http://www.nbee.org/doku.php?id=netpdl:index
   http://www.protomatics.com/tsn1.html

Others have suggested the BinPAC language used by the Bro IDS:

	http://bro-ids.org/wiki/index.php/BinPAC

and I think Scapy was mentioned in this context (or maybe I stumbled across it):

	http://www.secdev.org/projects/scapy/

and somebody's worked on some code to do this with their own language:

	http://wsgd.free.fr/

or, heck, maybe use ASN.1 - ASN.1 isn't a protocol; the "A" stands for "Abstract", so it's a way to describe the "abstract syntax" of protocols, and you have to add the encoding rules to see what that turns into as a sequence of octets, and there's an Encoding Control Notation:

	http://en.wikipedia.org/wiki/Encoding_Control_Notation

to let you specify non-standard encodings.