New Development, custom build, minimal features required
I recently installed the development code and assorted files, and have succeeded in compiling a 'custom build' of the base code, with the help of a fellow (grahamb) in the community. Very thankful for that help. Spent some time reading over the various developer doc files and its quite mind boggling.
My project I want to create is a very minimal simplified version of Wire Shark, so that I can replace my outdated router and router log files. It seems that all of the newer routers have removed the real-time logging features and at best, you get a little web page in the router where you can view past packets, but little (or none) in the way what is happening in real time. To sit back and 'refresh' those logs is not practical in any environment. What I would like to end up with is something similar to a program called "Wall Watcher", which support ended in 2011.
Basically I want to display incoming and outgoing connections (not full packets) that are either passed or blocked (by NAT) as well as router-type configurations (such as when remote access has been tried, warm starts etc). I only need the "first" packet, none of the data stream. For example, just the time and date, incoming or outgoing, blocked or allowed, protocol (typically only tcp and udp), remote ip address, remote name (if available, aka microsoft dot com), remote port, local ip address and local port.
So I guess my first question would be, how do I set a filter so that ONLY the above is displayed? Its pretty important that I only show the first packet in what will more than likely be a whole huge number of packets (so if I am doing a torrent for a tv show for example, I don't need to see all of the packets, all of the data in them, etc)
It seems that I have to 'drill down' in Wire Shark in order to get to the IP's involved, and I would like to eliminate storing all of the other data, so I am guessing that I will need to modify the routines used to display a packet line quite extensively. Ultimately I suspect that I can eliminate a lot of the dissector code, but that's a step for further on down the road.
Any pointers to the code areas involved would be deeply appreciated. I also want to 'save' the users default connection so the don't have to choose what interface to use after they select it for the first time. Obviously allowing changes but...
And it might be better, in code, to just hard code the filter(s) needed, making it easier for normal people to not have to worry about that. Maybe open it up for other options down the road at a later date..
Clearly this will be a free program once I am done, and of course the end code will be fully released as ...
