How do I develop a packet analyzer?

[ashishesha]

How to develop packet analyzer for linux..plz suggest how to proceed.........m new to the forum..

[meton_magis]

step one: go to school, learn programming.
step two: spend a couple years programming, debugging, reprogramming, over and over again until you have a working analyzer.
step three: profit ....... not really, because you can just get wireshark for free, so there's not much of a market for a new one.


honestly, unless you allready know more about programming than most people on this forum, and deffinately more than people would give advice on for free, building a packet analyzer from scratch is not a realistic goal. If you REALLY want to proceede, download the source code for wireshark, and look over the code. No need to ask how to do it when an open source version exists that you can look at.

[ashishesha]

i do know packet analyzer utilities are already available along with their documentation....ve 2 develop one as my computer network project in college...kindly help if possible

[Rubberman]

i do know packet analyzer utilities are already available along with their documentation....ve 2 develop one as my computer network project in college...kindly help if possible

It is against forum rules to help with class projects/assignments like this. That is what you are supposed to be learning how to do, and I have to assume that you have received the background training required to succeed at it. I will provide you with a dime's worth of advice however.

1. Determine which protocols you are going to "support". Then get a copy of the DDN Protocol Handbook volume(s) that covers the protocols in question. These are the official US Government documents that describe the various internet protocols in such detail that a reasonably capable programmer can implement software that can deal them.
2. Develop a "test bed" where a standard program that uses the protocols in question can be used to generate data/packet streams of known composition so you can validate that your analysis software is dealing with the data correctly.
3. Test your code against known analysis tools, such as wireshark, to see where you may be getting the wrong results.
4. Learn how to program finite-state machines to do the analysis for each protocol. That is the only reasonable way to be sure that your code is acting in predictable ways giving any input.

For whatever it's worth (FWIW), I used this approach to do a complete commercial implementation of telnet and ftp (both client and server) for a real-time operating system almost 20 years ago. The code was written from scratch, with zero contribution from Unix or anywhere else. In fact, I never even looked at the BSD (most commonly used TCP/IP implemenation) code base. It took me a 2-3 months to get to where I was getting reasonable results with a wide variety of client/server implementations such as SunOS, Unix System 5, Ultrix, VMS, etc.

[Rubberman]

FYI, the DDN Protocol Handbooks are commonly known as "The White Books", because of their white covers. Each is about 1000 pages long, and very "dense".