Hacker News new | past | comments | ask | show | jobs | submit login
WireEdit – A Full Stack WYSIWYG Editor for Network Packets (wireedit.com)
221 points by csmajorfive on Nov 10, 2014 | hide | past | favorite | 78 comments



I'm the author of the packet editor Hexcap. http://www.hexcap.org

Hexcap is an ncurses packet hex editor and generator, and it's open source. It uses the dpkt library for packet encap and decap, as well as dnet and pypcap for capturing and transmission. It's probably not as fancy as WireEdit, but then again the intended audience is different. I started writing Hexcap, in ESR's terms, to scratch my own itch.

I'm a grad student which means Hexcap goes for long periods without updates. But when breaks roll around I usually find time to hack on it. If this kind of thing interests you, I'd be interested in hearing about your opinion of Hexcap. Typical FOSS disclaimers applying, YMMV.


Not open source = not at all like WireShark, sorry.

And that's a damn shame. I could see a community growing around this kind of thing and adding all kinds of protocol support to it, if only it was open source.


if you're looking for an OSS variant of this (packet editor with a GUI), have a look at Netdude:

http://netdude.sourceforge.net/

older package, but does basically this.


> Copyright 2006, last update June 2007

That sure is what it looks like. But thanks for sharing anyway, interesting project


No competition with WireShark is intended. WireEdit is a packet editor, not an analyzer. Can as easily edit a .txt Hex dump of a packet (not yet supported, but easy to do).


I will admit that I initially thought this was a Wireshark plugin or related to Wireshark in some fashion, based on the name and the appearance of the GUI on the page.

You may want to put a little disclaimer at the top saying it's not associated or competing with Wireshark.

Pretty cool tool either way.


Don't know if it was just added, but the front page currently has this on it:

  Are you competing with Wireshark?

  No. WireEdit is a packet editor, not an analyzer.
  No real-time packet capture either.


Yeh. I added it after the above question was asked. It was asked once, so it obviusly belongs to a FAQ.


You should add the licence on the website. It's a nice concept but I'll start using it as soon as someone creates a FOSS clone.


>It's a nice concept but I'll start using it as soon as someone creates a FOSS clone.

I like FOSS, and am grateful for the work open source engineers put into software, and I have also contributed, but this attitude right here where you wont even consider something because it's closed source? What's the point of that? Why shouldn't an engineer be paid? It's very difficult to capture value with open source software. Please explain to me how they could monetize this on par with the effort put into developing this and still have it be open source. This isn't a service that runs in a website, this is something you download and run.


Can't tell for others, but I'm very reluctant to spend time learning a tool that I know from the beginning I won't be able to debug / improve later and that the owner may change in a way that doesn't fit me or even stop to support. The only non-FOSS tools I've been using on a daily basis for years are Gmail and Google Calendar. I can't tell I'm really happy with how they have evolved out of my control. Oh, and Google Reader — you know what happened to it…

And it's really not about money. I'd be happy to pay a developer for some tool I use everyday if asked for. I already pay for music under CC or FAL.


How do you charge for something that can be freely redistributed? How can I charge you $50 for software that you can then take and give to everyone for free because of the open source license? Where are people going to get that software from? From me where it costs $50 or from you where they can get it for free? The GNU website says you can charge for distribution, but that was written back when people distributed CDROMS. Now that it's all over the internet, that model doesn't work anymore.

You put binaries up for download, charge $50, and anyone can pay you the $50, take that binary and legally redistribute it for free. Or they could just take the source and build it for nothing and do the same thing. Talk to me about the economics of making that viable. Please, because if you can I would love to do it that way. I would prefer the source code I write to be open source, but I have to eat and my children have to eat and we need to pay rent, and so I have to capture the value too. Software firms with modest sales can't afford to lose a dime they make, so how could they go FOSS?


Thank you for your reasonable perspective. This open source criticism seems particularly endemic for developer tools that aren't backed by a cloud service. There are very, very few companies that have made money with open source tools in this space and they typically require huge VC investments to get to a place where the product is good enough to warrant large enterprise support contracts and professional services.


Have you considered doing some freemium model? So maybe the base code is open source, but the modules for decoding some protocols cost money?


Commercial licenses and training. This may not be FOSS, but it can be open source. Or you can have a partially open source product with some closed source extensions, like JetBrains does.


Even paying for software doesn't guarantee they are going to keep the product the way you like it (OSX, Windows).

This attitude seems to think that open source is some magic wand and that it will be around forever just because it is open source. Open sourced code falls by the wayside all of the time, so I don't think this really matters in the scheme of things.


Paying gives no guarantee, open-source does.

Some did not like Gnome 3, they created MATE. Some found GCC was too conservative, they created EGCS. And MariaDB. And LibreOffice. And ffmpeg… And…

That's how you guarantee software will continue to fit your needs in the future. It's not paying for Microsoft Works that made people able to open *.wks files with Microsoft Office when Microsoft discontinued the former office suite (though they are some converters available). But it's open-source that made people able to open TrueCrypt files with CipherShed when the developers gave up.

Even at my level, I'm able to tweak the tools for my needs. The last version of zsh is not available on AIX? I can build it myself (and send the fixes upstream). Vim doesn't provide the feature I want? I can add it (and who cares if it's not yet merged upstream? it still does what I want it to do, now).


With FOSS software, an enterprising and capable individual always has the ability to modify/update/or other wise change the software to suit their needs.

I find your line of thought to hold little weight.


Sure, and the parent I was replying to said he is happy to pay money for software he uses. I don't see why paying for closed source software (to encourage the dev to keep developing it and also to allow you to comment on what to improve) is a bad thing just because the project is not open-source.


It certainly isn't (it pays my bills). It just isn't an obvious good investment for some people (including myself).


Upvotes are not visible so let me just comment to say that this is exactly how I feel about open source software. It's not about the money.


Of course it's about the money. Where does the engineer working on the open source software get money from to work on the project?


Misunderstanding here (bad wording on my part): what i meant by "it's not about the money" is that the advantage of open source is not that it's free, I'm happy to pay, but in the other values which the person i replied to mentioned.


> Why shouldn't an engineer be paid?

shouldn't he? EDIT: fixed bad wording. sorry, English is not my native.

> Please explain to me how they could monetize this on par with the effort put into developing this and still have it be open source.

paid closed-source plugins supporting enterprisey protocols, paid support, custom functionality. these are from top of my head, so pretty sure wirefloss devs could think of something as well.


For starters, it looks like this could be an issue:

  Can I add support for stack Y myself?

  No but we’d be happy to talk about it.
If this was FOSS, you could easily add support for your own stack rather than being at the mercy of their limited amount of time to work on it.


And who is really going to do that? Do I have time at my day job to port some network packet editor to the platform of my choice? Is management going to fund such an effort, or are they just gonna pay for the app?


I presume by 'Stack Y' they mean a network protocol not supported out of the box, rather than a platform the editor doesn't yet run on.


Correct.


If your management sees it as an opportunity to advance, why not? It's about having the ability to do so vs not having it because somebody else decided this for you.


They can release the free version as FOSS and release the paid version as closed source. I don't see how he would make any less money with an open source free software compared to a closed source free software. He's already said how he would monetize it, by offering a premium version with support like REHL. Also, I would not mind at all to pay a fee to use the normal edition and access the source. Free means libre, not gratis.


It is windows 7 only. So if anyone wanted to port it to OSX or Linux they would need to do a clean room implementation.

Q.E.D.



This is actually a good example. There are no linux ARM builds available, which makes this product useless for me. A lot of closed source software (cough sublime text cough) neglects the less common processor architectures, while with open source software I can usually just compile it myself.


I just pointed out that gp says it is Windows only which is obviously wrong.


I didn't say it wasn't but a build for a very recent Ubuntu the build is useless. Also it doesn't work for XP for which there can be no technical reason.


If you are on any other glib version or on rh this won't work.


Privacy policy added to the website FAQ. No data is gathered, no connections to the outside, except for a WINE repository for Ubuntu install.


No native Linux support (Win7 binary "+ hacked version of WINE"). Makers request it be run on "Ubuntu 14.4 x32"[sic] only, not even x86_64. I suspect they mean x86, or 32-bit when they say x32, since the x32 ABI is nowhere near implemented.

No source, no privacy policy. Supporting new protocols/formats/stack requires one 'to talk about it' with them.


1) Have Ubuntu12.04x32 with hacked WINE working as well. Let me know if you need it. 2) No source indeed. 3) Privacy policy is stated in the EULA. I'll repeat it here: "No info is gathered, no connections to outside servers, except for a standard WINE repository".


> 1) Have Ubuntu12.04x32 with hacked WINE working as well.

I think that the parent was more concerned with the lack of 64-bit (x64/AMD64/x86_64) support. The parent also takes issue with the usage of x32 to refer to 32-bit.


What assurances do we have that you'll live up to your privacy policy?


I'm afraid there is no such thing. Even open source products have critical security bugs as you may very well know. If you do just a bit of research you can find who I am, and where I live. Code is not obfuscated. This is the best I can do.


> Even open source products have critical security bugs as you may very well know.

Except they get fixed without someone threatening to disclose them.

> If you do just a bit of research you can find who I am, and where I live.

What do you expect me to do with that information? I'm being honest: I don't really get what that information would do for me if I found your code was doing something wrong, unless I thought it was worth my time to file a lawsuit.

> Code is not obfuscated.

We have very different definitions of this term.

> This is the best I can do.

Examples exist which show this statement to be wrong.


Downvoting me doesn't make my comments less true.


Without source why should we trust the privacy policy?


Presumably the crowd that a packet editor is targeted at knows their way around something like WireShark, and could easily monitor the software for phoning home. That's a pretty strong incentive to not do it.


One would think so. I'm certainly curious how much people use the tool. Wouldn't you? However in anticipation of security concerns the software doesn't gather any info, and makes no external connections. Auto-updates were implemented, but later disabled for the same reason.


OK, how do we know it doesn't install something that will phone home when nobody's using the program? A little cron job or something similar.


So now I have to keep tabs on the behavior of my tools, in addition to everything else I have to keep tabs on?


I was stating that within the crowd of people that such a tool is targeted at, someone will run a packet sniffer against it. The likelihood of this happening is high. This is a severe disincentive for someone to 'phone home' if they plan to keep making money from said group of people. As soon as someone runs a packet sniffer and finds something suspect, the whole thing falls apart.

But no, you don't have to keep tabs on it, because you don't have to use this tool. If you do choose to use this tool, you can play the probabilities and more than likely be fine.


You'd have to make an intelligent decision without access to full information. Isn't it often like that in life? As an engineer myself, I'd respect any decision you make.


Added the stated above privacy policy to website FAQ.


Today it's x86 only.


I was very excited, it's a project I've been wanting to do for years but never had the time (or better yet, something I've wanted to use, but it never existed). Then I got to the downloads. Great, an Ubuntu version... which is just the Windows version bundled with WINE except they modified WINE... and in the README they warn that it really only works with Ubuntu x32 and that you shouldn't have WINE already installed. Right. Why they expect people to still run x32 in 2014 is a mystery to me, but these guys do. And I already have WINE installed.

At this point I started to feel really bad about giving this my root password (the readme said it would prompt for it), it all just sounds super hacky. Also the instructions to place it in my home directory... why, doesn't it work elsewhere? What kind of epic hack is this? No, I don't think I trust this with root permissions.


You can install from any folder, not only your home folder. Most package installations under Linux do require sudo privileges, so WireEdit is in no way unique. You password is SAFE. Really. The README is trying to be pretty upfront about what it is, and how it works. See also my replies to other questions here.


x32 or x86? Cause X32 is the 32-bit-on-x86_64 ABI so you can get the benefit of the AMD64 instruction set and registers but without the overhead of 64-bit pointers. (Of course you can't access beyond 4GB RAM.)

X32 is faster at some things, but it doesn't seem to have much support. But it would be a good idea for many things, like desktop apps that don't need a lot of memory.


This looks really cool. Whenever I open up my Networks textbook, I get nostalgic about this stuff. It'd be fun to easily create my own packets to test out different stuff I've learned.

... any idea on a Mac version?


Yes. Will take a while.


Open sourcing it would allow the community to create a mac port if there was interest. :)


Very cool! I've been wanting something like this for a while. Going to make my life easier. I think it'd be great if you could implement a plugin feature so people could import custom protocols.


I am curious what you would be using this for


Just in case anyone's wondering, you can replay the results as spoofed network traffic via tcpreplay: https://github.com/appneta/tcpreplay or rather tcpliveplay (that should be included in the package), unless you decide modify tcp packet order numbers manually.

A very useful tool for any kind of low level network development, especially multiplayer games.


I'm curious how it deals with field lengths, conditional fields and other constraints. It is tough to get it right ;) Try comparing it with: http://freestuff.linkbit.com/epc_packet_builder/

edit Ah.. Wait http://www.wirefloss.com/ This one looks very familiar :)


> Edit L1 - L7 with just a few clicks

Damn, still nothing that can help me with my layer 8 problems.


I am guessing you mean the user? - /me googles - Indeed, haha :)


A similar (non-GUI) tool is scapy: http://www.secdev.org/projects/scapy/demo.html


Looks awesome. Waiting for the Mac version :)


I'm super excited about WireEdit, I hope they will provide a version that runs with 64bit Linux, too.


Video's too tall, doesn't fit on my relatively run-of-the-mill Thinkpad Edge screen. Just FYI.


I know. Sorry. Can't fix at the moment, will do later. Try to decrease the width of the browser, the video frame will decrease proportionally. Hope that helps.


You can just watch it directly on YouTube. https://www.youtube.com/watch?v=Mp1hpMOjk6c


Same here. MacBook Pro 15" Retina screen: http://imgur.com/fmtqXFD


Related: do someone around here know a tool for automatic or assisted reverse engineering? I sometimes work on reverse engineering and something that could help me make sense of it would be greatly appreciated.


Hmm precompiled binaries and running things under wine for linux.. Another 'great' post on hacker news.

-1 thank you.


Google chrome didnt like this download at all, telling me its a virus.


You can now download the .msi installer separately. Not sure it'll make Chrome happy. If you want the folder with Pcap example files, download Ubuntu version, and tar xvf it. It still has the examples folder inside.


Thanks for the effort. Chrome is actually throwing a "Uncommon" warning on both files, which I guess is better than a malware warning.

https://support.google.com/chrome/answer/4412392?p=ib_downlo...


It's not. I use Chrome all the time. It may be the zip file which spooks it. The zip contains an .msi file + a folder with pcap examples. If you wait a couple of hours, I'll put a separate .msi for download.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: