[osflash] service capture
osflash at badgers-in-foil.co.uk
Wed Apr 19 07:36:48 EDT 2006
On Wed, Apr 19, 2006 at 10:50:10AM +0300, Nikos Kastellanos wrote:
> Any kind of proxy is not good for what I want to do.
> I will try some advice and see if I can still use ethereal.
> Thanks anyway.

I had the same problem of wanting to reverse engineer a protocol used by
a Windows-only program, which I could only usefully run over a real
network (and hence inspect using Ethereal) in the office.

After using Ethereal in the office to bootstrap my understanding of the
protocol, I basically took the approach that, since I was doing the
reverse engineering in order to write code to read and write data
conforming to the protocol, I would actually write a simple proxy in my
target language that piped all data off to the parser code I was
writing. This lets me dump the 'dissected' version of the data the
parser produces, and also acts as an excellent test harness.

I've also played a bit with creating packet-capture ('pcap') files with
Ethereal (in the office), and then 'replaying' these against my
application for testing / debugging outside the office by using the
relevant language bindings for libpcap. This can make it a lot easier
to reproduce fiddly test cases that are difficult to produce when
driving a GUI app 'by hand'.

I hope some of those random thoughts can be of use to you :)
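
The pcap-replay idea from the message above, as an added example that is not code from the original post or its author. It reads the classic pcap file format with the Python standard library instead of libpcap bindings, and feeds each captured TCP payload to a parser. Assumptions: Python (the poster's target language is not stated), a hypothetical length-prefixed protocol handled by the stand-in `parse_messages`, and segments captured in order with no retransmissions.

```python
import io
import struct

def tcp_payloads(stream):
    """Yield (src_port, dst_port, payload) for IPv4/TCP packets in a classic pcap stream."""
    header = stream.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(header[:4])
    if len(header) < 24 or endian is None or struct.unpack(endian + "I", header[20:])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    while True:
        rec = stream.read(16)  # per-packet record header
        if len(rec) < 16:
            return
        frame = stream.read(struct.unpack(endian + "I", rec[8:12])[0])  # captured length
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet carrying TCP
        # Slice by the IP total length so Ethernet padding is not mistaken for payload.
        tcp = frame[14 + (frame[14] & 0x0F) * 4:14 + int.from_bytes(frame[16:18], "big")]
        data = tcp[(tcp[12] >> 4) * 4:] if len(tcp) >= 20 else b""
        if data:
            yield int.from_bytes(tcp[0:2], "big"), int.from_bytes(tcp[2:4], "big"), data

def parse_messages(buf):
    """Hypothetical parser under test: 2-byte big-endian length, then body."""
    msgs = []
    while len(buf) >= 2:
        n = int.from_bytes(buf[:2], "big")
        if len(buf) < 2 + n:
            break  # message continues in a later segment
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf

def replay(stream, server_port):  # client-to-server bytes only, leftovers carried over
    buf, messages = b"", []
    for _sport, dport, data in tcp_payloads(stream):
        if dport == server_port:
            msgs, buf = parse_messages(buf + data)
            messages += msgs
    return messages

def sample_capture(segments):
    """Constructed capture: one frame per (sport, dport, data); addresses and checksums zero."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sport, dport, data in segments:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0, bytes(4), bytes(4))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
        frame = bytes(12) + b"\x08\x00" + ip + tcp + data
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return io.BytesIO(out)
```

With a real capture, pass `open("capture.pcap", "rb")` (a placeholder file name) to `replay` in place of `sample_capture(...)`.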