
WireEdit – A Full Stack WYSIWYG Editor for Network Packets - csmajorfive
https://wireedit.com/
======
smutticus
I'm the author of the packet editor Hexcap.
[http://www.hexcap.org](http://www.hexcap.org)

Hexcap is an ncurses packet hex editor and generator, and it's open source. It
uses the dpkt library for packet encap and decap, as well as dnet and pypcap
for capturing and transmission. It's probably not as fancy as WireEdit, but
then again the intended audience is different. I started writing Hexcap, in
ESR's terms, to scratch my own itch.

I'm a grad student which means Hexcap goes for long periods without updates.
But when breaks roll around I usually find time to hack on it. If this kind of
thing interests you, I'd be interested in hearing about your opinion of
Hexcap. Typical FOSS disclaimers applying, YMMV.

------
xorrbit
Not open source = not at all like WireShark, sorry.

And that's a damn shame. I could see a community growing around this kind of
thing and adding all kinds of protocol support to it, if only it was open
source.

~~~
jnazario
if you're looking for an OSS variant of this (packet editor with a GUI), have
a look at Netdude:

[http://netdude.sourceforge.net/](http://netdude.sourceforge.net/)

older package, but does basically this.

~~~
lucb1e
> Copyright 2006, last update June 2007

That sure is what it looks like. But thanks for sharing anyway, interesting
project

------
simlevesque
You should add the licence on the website. It's a nice concept but I'll start
using it as soon as someone creates a FOSS clone.

~~~
swartkrans
>It's a nice concept but I'll start using it as soon as someone creates a FOSS
clone.

I like FOSS, and am grateful for the work open source engineers put into
software, and I have also contributed, but this attitude right here where you
wont even consider something because it's closed source? What's the point of
that? Why shouldn't an engineer be paid? It's very difficult to capture value
with open source software. Please explain to me how they could monetize this
on par with the effort put into developing this and still have it be open
source. This isn't a service that runs in a website, this is something you
download and run.

~~~
Arkanosis
Can't tell for others, but I'm very reluctant to spend time learning a tool
that I know from the beginning I won't be able to debug / improve later and
that the owner may change in a way that doesn't fit me or even stop to
support. The only non-FOSS tools I've been using on a daily basis for years
are Gmail and Google Calendar. I can't tell I'm really happy with how they
have evolved out of my control. Oh, and Google Reader — you know what happened
to it…

And it's really not about money. I'd be happy to pay a developer for some tool
I use everyday if asked for. I already pay for music under CC or FAL.

~~~
swartkrans
How do you charge for something that can be freely redistributed? How can I
charge you $50 for software that you can then take and give to everyone for
free because of the open source license? Where are people going to get that
software from? From me where it costs $50 or from you where they can get it
for free? The GNU website says you can charge for distribution, but that was
written back when people distributed CDROMS. Now that it's all over the
internet, that model doesn't work anymore.

You put binaries up for download, charge $50, and anyone can pay you the $50,
take that binary and legally redistribute it for free. Or they could just take
the source and build it for nothing and do the same thing. Talk to me about
the economics of making that viable. Please, because if you can I would love
to do it that way. I would prefer the source code I write to be open source,
but I have to eat and my children have to eat and we need to pay rent, and so
I have to capture the value too. Software firms with modest sales can't afford
to lose a dime they make, so how could they go FOSS?

~~~
csmajorfive
Thank you for your reasonable perspective. This open source criticism seems
particularly endemic for developer tools that aren't backed by a cloud
service. There are very, very few companies that have made money with open
source tools in this space and they typically require huge VC investments to
get to a place where the product is good enough to warrant large enterprise
support contracts and professional services.

------
pritambaral
No native Linux support (Win7 binary "\+ hacked version of WINE"). Makers
request it be run on "Ubuntu 14.4 x32"[sic] only, not even x86_64. I suspect
they mean x86, or 32-bit when they say x32, since the x32 ABI is nowhere near
implemented.

No source, no privacy policy. Supporting new protocols/formats/stack requires
one 'to talk about it' with them.

~~~
wirefloss
1) Have Ubuntu12.04x32 with hacked WINE working as well. Let me know if you
need it. 2) No source indeed. 3) Privacy policy is stated in the EULA. I'll
repeat it here: "No info is gathered, no connections to outside servers,
except for a standard WINE repository".

~~~
cbd1984
Without source why should we trust the privacy policy?

~~~
pyre
Presumably the crowd that a _packet editor_ is targeted at knows their way
around something like WireShark, and could easily monitor the software for
phoning home. That's a pretty strong incentive to not do it.

~~~
cbd1984
So now I have to keep tabs on the behavior of my tools, in addition to
everything else I have to keep tabs on?

~~~
pyre
I was stating that within the crowd of people that such a tool is targeted at,
_someone_ will run a packet sniffer against it. The likelihood of this
happening is high. This is a severe disincentive for someone to 'phone home'
if they plan to keep making money from said group of people. As soon as
someone runs a packet sniffer and finds something suspect, the whole thing
falls apart.

But no, you don't _have_ to keep tabs on it, because you don't _have_ to use
this tool. If you do choose to use this tool, you can play the probabilities
and more than likely be fine.

------
lucb1e
I was very excited, it's a project I've been wanting to do for years but never
had the time (or better yet, something I've wanted to use, but it never
existed). Then I got to the downloads. Great, an Ubuntu version... which is
just the Windows version bundled with WINE except they modified WINE... and in
the README they warn that it really only works with Ubuntu x32 and that you
shouldn't have WINE already installed. Right. Why they expect people to still
run x32 in 2014 is a mystery to me, but these guys do. And I already have WINE
installed.

At this point I started to feel really bad about giving this my root password
(the readme said it would prompt for it), it all just sounds super hacky. Also
the instructions to place it in my home directory... why, doesn't it work
elsewhere? What kind of epic hack is this? No, I don't think I trust this with
root permissions.

~~~
wirefloss
You can install from any folder, not only your home folder. Most package
installations under Linux do require sudo privileges, so WireEdit is in no way
unique. You password is SAFE. Really. The README is trying to be pretty
upfront about what it is, and how it works. See also my replies to other
questions here.

------
jobposter1234
This looks really cool. Whenever I open up my Networks textbook, I get
nostalgic about this stuff. It'd be fun to easily create my own packets to
test out different stuff I've learned.

... any idea on a Mac version?

~~~
wirefloss
Yes. Will take a while.

~~~
xorrbit
Open sourcing it would allow the community to create a mac port if there was
interest. :)

------
anExcitedBeast
Very cool! I've been wanting something like this for a while. Going to make my
life easier. I think it'd be great if you could implement a plugin feature so
people could import custom protocols.

~~~
chappar
I am curious what you would be using this for

------
ParvusPonte
Just in case anyone's wondering, you can replay the results as spoofed network
traffic via tcpreplay:
[https://github.com/appneta/tcpreplay](https://github.com/appneta/tcpreplay)
or rather tcpliveplay (that should be included in the package), unless you
decide modify tcp packet order numbers manually.

A very useful tool for any kind of low level network development, especially
multiplayer games.

------
dchichkov
I'm curious how it deals with field lengths, conditional fields and other
constraints. It is tough to get it right ;) Try comparing it with:
[http://freestuff.linkbit.com/epc_packet_builder/](http://freestuff.linkbit.com/epc_packet_builder/)

 _edit_ Ah.. Wait [http://www.wirefloss.com/](http://www.wirefloss.com/) This
one looks very familiar :)

------
owenversteeg
> Edit L1 - L7 with just a few clicks

Damn, still nothing that can help me with my layer 8 problems.

~~~
lucb1e
I am guessing you mean the user? - _/ me googles_ \- Indeed, haha :)

------
Matumio
A similar (non-GUI) tool is scapy:
[http://www.secdev.org/projects/scapy/demo.html](http://www.secdev.org/projects/scapy/demo.html)

------
danra
Looks awesome. Waiting for the Mac version :)

------
Tepix
I'm super excited about WireEdit, I hope they will provide a version that runs
with 64bit Linux, too.

------
abcd_f
Video's too tall, doesn't fit on my relatively run-of-the-mill Thinkpad Edge
screen. Just FYI.

~~~
wirefloss
I know. Sorry. Can't fix at the moment, will do later. Try to decrease the
width of the browser, the video frame will decrease proportionally. Hope that
helps.

~~~
csmajorfive
You can just watch it directly on YouTube.
[https://www.youtube.com/watch?v=Mp1hpMOjk6c](https://www.youtube.com/watch?v=Mp1hpMOjk6c)

------
reitanqild
Related: do someone around here know a tool for automatic or assisted reverse
engineering? I sometimes work on reverse engineering and something that could
help me make sense of it would be greatly appreciated.

------
digital-rubber
Hmm precompiled binaries and running things under wine for linux.. Another
'great' post on hacker news.

-1 thank you.

------
wnevets
Google chrome didnt like this download at all, telling me its a virus.

~~~
wirefloss
You can now download the .msi installer separately. Not sure it'll make Chrome
happy. If you want the folder with Pcap example files, download Ubuntu
version, and tar xvf it. It still has the examples folder inside.

~~~
wnevets
Thanks for the effort. Chrome is actually throwing a "Uncommon" warning on
both files, which I guess is better than a malware warning.

[https://support.google.com/chrome/answer/4412392?p=ib_downlo...](https://support.google.com/chrome/answer/4412392?p=ib_download_blocked&rd=1)

