Wireshark-dev: [Wireshark-dev] Wireshark and Google Summer of Code 2010

From: Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx>
Date: Thu, 25 Feb 2010 14:46:30 +0100
Hi list,

There's a new edition of Google Summer of Code [1].

I don't know if the Wireshark Core Team plans to participate this year,
but I'm still a student and it'd be nice to write code for Wireshark
and get money for doing it :)
(btw. 500 USD per student goes to the mentoring organization!)

I'd like to make an ncurses frontend for Wireshark.
Wireshark is sometimes slow for big captures, it eats a lot of memory,
and because of the GUI it's not easy to use remotely.
tshark is better, but it's not interactive.

I think nshark could fill the gap between Wireshark and tshark.

I've also got some other ideas, like:

 - Possibility to edit & craft new packets inside Wireshark.
   To easily change private information, like: MAC/IP addresses, mask passwords.
   It'd also be possible to quickly check how a Wireshark dissector will behave
   if you change this byte to another value... :)

 - Support for passive OS fingerprinting (based on lcamtuf's p0f?) [2]
   Wireshark already has support for GeoIP databases, it'd be nice to have
   information about the operating system as well :)

 - I don't know if bugs #4133 & #4141 are still valid (about GMemChunks), but
   maybe it'd be a good idea to create our own chunk allocator, inside emem.c?

Generic ones:
 - Implement a new dissector, or improve an existing one.
 - Fix some reported bugs from bugs.wireshark.org, and/or find new ones? :)

Some plugin ideas:

 - Packet injection.
 - Service emulator based on sniffed information.
 - TAP (?) for password collector (or other sensitive information)
 - ARP poisoning.

There's a deadline for mentoring organizations to submit an application by
8 March [3], so less than 2 weeks :)

[1] http://code.google.com/soc
[2] http://lcamtuf.coredump.cx/p0f.shtml
[3] http://socghop.appspot.com/document/show/gsoc_program/google/gsoc2010/faqs#timeline