On Sep 6, 2010, at 9:12 PM, 刘昆 wrote:
> We want to develop software just like this:
>
> First, we let the software run and capture the data packets on the computer. Then, when some words or an IP address in the data packets match the data we preestablish, a warning box must be shown to tell us something happened.
>
> In fact, we just want to modify the code of Wireshark and add some functions for filtering IP addresses and some key words. However, my question is: I don't know how to do this now. Where should I start?
With Snort?
http://www.snort.org/
Wireshark is designed to be, and intended to be, a program to load a capture of network traffic, or capture a sequence of network traffic, and allow its user to look at the traffic in detail; it was not designed to be, and is not intended to be, an application that watches network traffic in the background and pops up warnings.
Snort *is* designed to be an application that watches network traffic in the background and warns the user of potential problems.
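
The matching the question describes (a preset IP address or keyword in a captured packet producing a warning), sketched as an added example that is not part of the original thread and is not Wireshark or Snort code. The function names, the watchlist, the keyword and the sample packets are all constructed for illustration; capture and the warning box are left out.

```python
import ipaddress
import struct

WATCH_IPS = {ipaddress.ip_address("192.0.2.10")}  # constructed watchlist entry
KEYWORDS = [b"secret-project"]                    # constructed keyword, lowercase


def build_ipv4_tcp(src, dst, payload):
    """Build a minimal IPv4+TCP packet as sample input (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + tcp + payload


def inspect(packet):
    """Return a list of alert strings for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []  # truncated or not IPv4: nothing to match on
    ihl = (packet[0] & 0x0F) * 4  # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return []
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    alerts = [f"watched address {ip}" for ip in (src, dst) if ip in WATCH_IPS]
    payload = packet[ihl:]
    if packet[9] == 6 and len(payload) >= 20:  # protocol 6 = TCP
        data_off = (payload[12] >> 4) * 4      # skip the TCP header as well
        payload = payload[data_off:] if data_off >= 20 else b""
    lowered = payload.lower()                  # case-insensitive keyword match
    alerts += [f"keyword {kw.decode()!r}" for kw in KEYWORDS if kw in lowered]
    return alerts


if __name__ == "__main__":
    samples = [
        build_ipv4_tcp("192.0.2.10", "198.51.100.5", b"hello"),
        build_ipv4_tcp("198.51.100.7", "198.51.100.5", b"the SECRET-project plan"),
        build_ipv4_tcp("198.51.100.7", "198.51.100.5", b"nothing to see"),
    ]
    for number, pkt in enumerate(samples, 1):
        print(number, inspect(pkt) or "no alert")
```

Because each packet is checked on its own, a keyword that is split across two TCP segments is not matched by this check.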