Wednesday, December 4, 2013

Desktop Packet Reference Tool

A long while ago, I started working on a Windows app for helping people learn about packets. Unfortunately, life has had a crazy way of getting "in the way" and after at least a year, I have finally found some time to get back to working on this app.

Initially I was creating this more as a Snort rule generator and tester to help people learn more about creating Snort rules, and how they have changed over each version. The tabs for each packet type were an afterthought at the time. However, I decided it would be more fun for me to focus on the different protocols and not mess around with creating a tool that, quite frankly, already exists within Snort.

I think I will have this and two other big projects done by Christmas. I did want to put a couple of screenshots out there in case anyone with an interest runs across this blog and has changes/additions to suggest, or even complaints. Just remember, this is a fun thing for me and I hope that people will be able to utilize it once it is finished.

The application opens with this view:

The above just shows the initial view when the application is opened. I haven't changed the title yet, which is why it still reads "IDS Rule Builder." The user can select any of the visible tabs and see the standard view of the packet for the selected protocol. As of now, once a field on a tab is selected, that is the information that will stay visible on that tab view until a different field is selected. This means that a user can select IP Version, for example, switch over to the TCP Packet tab and select the "Source Port" and then switch between these two tabs without having the selected information cleared.

And here is a view of the application after the user selects "IP Version" under the "IP Packet" tab. The "Byte Offset" text is sort of a favorite of mine. I believe that anyone who has ever tried to follow Mike Poor on audio when he discusses tcpdump filters and byte offsets will appreciate having a tool like this to visualize and reinforce what Poor is saying. :-)
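To make the "Byte Offset" idea concrete, here is an added example (my own code, not the blog author's application or a library it uses) of the lookup the tool performs when a field such as "IP Version" or TCP "Source Port" is selected: it maps the field to its byte offset and length within the header, builds the equivalent tcpdump byte-offset filter, and pulls the field's value out of a constructed IPv4/TCP header pair. The field tables cover only a subset of each header, and the sample packet bytes are constructed for the demo rather than taken from any capture.

```python
"""Packet field reference: byte offsets, tcpdump byte-offset filters, and value
extraction for IPv4 and TCP headers. Hypothetical helper written for this post,
not the author's Desktop Packet Reference Tool."""
import struct

# name -> (offset, length in bytes, bitmask or None for whole-byte fields).
# Offsets count from the start of the respective header, which is exactly how
# tcpdump's ip[] and tcp[] index expressions are interpreted.
IP_FIELDS = {
    "Version":             (0, 1, 0xF0),
    "Header Length":       (0, 1, 0x0F),
    "Total Length":        (2, 2, None),
    "Identification":      (4, 2, None),
    "Flags":               (6, 1, 0xE0),
    "TTL":                 (8, 1, None),
    "Protocol":            (9, 1, None),
    "Source Address":      (12, 4, None),
    "Destination Address": (16, 4, None),
}
TCP_FIELDS = {
    "Source Port":      (0, 2, None),
    "Destination Port": (2, 2, None),
    "Sequence Number":  (4, 4, None),
    "Data Offset":      (12, 1, 0xF0),
    "Flags":            (13, 1, 0x3F),
    "Window":           (14, 2, None),
}
TABLES = {"ip": IP_FIELDS, "tcp": TCP_FIELDS}


def _shift(mask):
    """Bit position of the lowest set bit in mask (how far to shift a masked field)."""
    return (mask & -mask).bit_length() - 1


def byte_offset(proto, name):
    """Return (offset, length, bitmask) for a field, the raw data behind a 'Byte Offset' label."""
    return TABLES[proto][name]


def describe(proto, name):
    """Human-readable byte offset text like the tool shows when a field is selected."""
    offset, length, mask = TABLES[proto][name]
    span = f"byte {offset}" if length == 1 else f"bytes {offset}-{offset + length - 1}"
    text = f"{proto.upper()} {name}: {span} from start of {proto.upper()} header"
    if mask is not None:
        text += f" (mask 0x{mask:02x})"
    return text


def tcpdump_expr(proto, name, value):
    """Build the tcpdump byte-offset filter that matches this field equal to value."""
    offset, length, mask = TABLES[proto][name]
    ref = f"{proto}[{offset}]" if length == 1 else f"{proto}[{offset}:{length}]"
    if mask is None:
        return f"{ref} = {value}"
    # Sub-byte fields: AND the byte with the mask and compare to the value shifted into place.
    return f"{ref} & 0x{mask:02x} = 0x{(value << _shift(mask)) & mask:02x}"


def extract(proto, name, header):
    """Read a field's integer value from raw header bytes (network byte order)."""
    offset, length, mask = TABLES[proto][name]
    raw = int.from_bytes(header[offset:offset + length], "big")
    if mask is None:
        return raw
    return (raw & mask) >> _shift(mask)


def build_sample():
    """Constructed IPv4 + TCP headers (not a real capture): IHL 5, DF set, TCP SYN 443 -> 51000."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 443, 51000, 1, 0, 0x50, 0x02, 65535, 0, 0)
    return ip, tcp


if __name__ == "__main__":
    ip_hdr, tcp_hdr = build_sample()
    for proto, hdr in (("ip", ip_hdr), ("tcp", tcp_hdr)):
        for name in TABLES[proto]:
            value = extract(proto, name, hdr)
            print(f"{describe(proto, name):<60} value={value:<12} "
                  f"filter: {tcpdump_expr(proto, name, value)}")
```

Selecting "IP Version" in the tool corresponds here to `describe("ip", "Version")` and the filter `ip[0] & 0xf0 = 0x40`; "Source Port" on the TCP tab corresponds to `tcp[0:2] = 443`. The masked-field branch is the part worth pausing on, since version, header length, IP flags and TCP flags all share a byte with a neighbouring field and a filter that forgets the mask silently matches the wrong thing.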

Anyway, this is just a preview as I still have a LOT of the information text strings to build and add in. I am toying with the idea of using some fashion of highlighting the selected field once selected but not sure if that's necessary. I do think I will get this done prior to Christmas (along with the other two projects) and once it's complete I will put the project, source, and executables up on bitbucket publicly.

Hope everyone had a wonderful and safe Thanksgiving and that their Christmas festivities are fun and safe as well! :-)