I'm the author of the packet editor Hexcap. <a href="http://www.hexcap.org" rel="nofollow">http://www.hexcap.org</a><p>Hexcap is an ncurses packet hex editor and generator, and it's open source. It uses the dpkt library for packet encap and decap, as well as dnet and pypcap for capturing and transmission. It's probably not as fancy as WireEdit, but then again the intended audience is different. I started writing Hexcap, in ESR's terms, to scratch my own itch.<p>I'm a grad student which means Hexcap goes for long periods without updates. But when breaks roll around I usually find time to hack on it. If this kind of thing interests you, I'd be interested in hearing about your opinion of Hexcap. Typical FOSS disclaimers applying, YMMV.
Not open source = not at all like Wireshark, sorry.<p>And that's a damn shame. I could see a community growing around this kind of thing and adding all kinds of protocol support to it, if only it was open source.
No native Linux support (Win7 binary "+ hacked version of WINE"). Makers request it be run on "Ubuntu 14.4 x32"[sic] only, not even x86_64. I suspect they mean x86, or 32-bit when they say x32, since the x32 ABI is nowhere near implemented.<p>No source, no privacy policy. Supporting new protocols/formats/stack requires one 'to talk about it' with them.
I was very excited, it's a project I've been wanting to do for years but never had the time (or better yet, something I've wanted to use, but it never existed). Then I got to the downloads. Great, an Ubuntu version... which is just the Windows version bundled with WINE except they modified WINE... and in the README they warn that it really only works with Ubuntu x32 and that you shouldn't have WINE already installed. Right. Why they expect people to still run x32 in 2014 is a mystery to me, but these guys do. And I already have WINE installed.<p>At this point I started to feel really bad about giving this my root password (the readme said it would prompt for it), it all just sounds super hacky. Also the instructions to place it in my home directory... why, doesn't it work elsewhere? What kind of epic hack is this? No, I don't think I trust this with root permissions.
This looks really cool. Whenever I open up my Networks textbook, I get nostalgic about this stuff. It'd be fun to easily create my own packets to test out different stuff I've learned.<p>... any idea on a Mac version?
Very cool! I've been wanting something like this for a while. Going to make my life easier. I think it'd be great if you could implement a plugin feature so people could import custom protocols.
Just in case anyone's wondering, you can replay the results as spoofed network traffic via tcpreplay: <a href="https://github.com/appneta/tcpreplay" rel="nofollow">https://github.com/appneta/tcpreplay</a>
or rather tcpliveplay (that should be included in the package), unless you decide to modify TCP packet order numbers manually.<p>A very useful tool for any kind of low level network development, especially multiplayer games.
I'm curious how it deals with field lengths, conditional fields and other constraints. It is tough to get it right ;) Try comparing it with: <a href="http://freestuff.linkbit.com/epc_packet_builder/" rel="nofollow">http://freestuff.linkbit.com/epc_packet_builder/</a><p><i>edit</i> Ah.. Wait <a href="http://www.wirefloss.com/" rel="nofollow">http://www.wirefloss.com/</a> This one looks very familiar :)
A similar (non-GUI) tool is scapy:
<a href="http://www.secdev.org/projects/scapy/demo.html" rel="nofollow">http://www.secdev.org/projects/scapy/demo.html</a>
Related: does someone around here know a tool for automatic or assisted reverse engineering? I sometimes work on reverse engineering and something that could help me make sense of it would be greatly appreciated.