## Please edit system and help pages ONLY in the moinmaster wiki! For more
## information, please see MoinMaster:MoinPagesEditorGroup.
##master-page:FrontPage
#format wiki
#language en
#pragma section-numbers off

= The Network Expect Wiki =

Welcome to the Network Expect wiki. This wiki is the central repository of information about NetworkExpect, a framework for manipulating network packets, including packet crafting, injection, and reception. The Network Expect [[DownloadPage|source code]], [[Documentation|documentation]], and [[Examples|examples]] can be found here.

Here are some pages that contain information about Network Expect:

 * InteractiveSession: a quick tour of NetworkExpect in the form of an interactive session
 * [[Documentation]]: the Network Expect documentation
 * [[Examples]]: sample Network Expect scripts
 * DownloadPage: download the Network Expect source code
 * PortabilityPage: information about running Network Expect on different platforms and operating systems
 * [[todo|Future work]]: sort of a to-do list of things that should change in Network Expect

## * RecentChanges: see where people are currently working
## * SiteNavigation: get an overview over this site and what it contains
## * WikiSandBox: feel free to change this page and experiment with editing
## * FindPage: search or browse the database in various ways

----

== News ==

''June 30, 2010'': Released Network Expect version [[http://www.netexpect.org/downloads/netexpect-0.18.tar.bz2|0.18]]. First official release that supports building against libwireshark 1.2.x (libwireshark 1.0.x is no longer supported).
As always, the '''NEWS''' file in the top level directory of the netexpect source code documents the most important, high-level changes, improvements, and new features, but to summarize, this release adds Simple Network Time Protocol (SNTP) and Dynamic Trunking Protocol (DTP) to libpbuild, adds support for Wireshark configuration profiles, enhances the "data" PDU in libpbuild, adds a new "ws" command that allows changing Wireshark preferences from within netexpect scripts, e.g. "ws setprefs ip.defragment:FALSE"; adds the capability of recovering data from transmissions that come through multiple packets (IP fragmentation, TCP segmentation), uses Tcl namespaces to store variables produced during packet dissection, changes (hopefully for the better) the way Tcl dissection variables are named, and attempts to work around problems with the select() system call on OS X (and probably other BSD-like OSes) when used on BPF file descriptors.

''October 25, 2009'': Network Expect version [[http://www.netexpect.org/downloads/netexpect-0.17.tar.bz2|0.17]] is out. New in this release is a "generic" PDU builder in libpbuild that hopefully makes it easier to create new PDUs, new "send_tcl" and "packet new" framework commands, the ability to import data into byte arrays ("barray hex-import") and Tcl packet objects ("packet hex-import") directly from hexadecimal dumps, and libpbuild protocol support for Ethernet 802.3 frames, 802.2 Logical Link Control, 802.2 SNAP, and Cisco VLAN Trunking Protocol (VTP). Check out the '''NEWS''' file in the top level of the netexpect tarball for more details. This release should be the last one that supports libwireshark 1.0.x since libwireshark 1.2.x is not API- and ABI-compatible with older releases.

''September 12, 2009'': Network Expect version [[http://www.netexpect.org/downloads/netexpect-0.16.tar.bz2|0.16]] has been released.
This release introduces a new CLI-based program '''tgn''' that makes it easy to generate traffic from a shell prompt or from non-Network Expect/Tcl scripts. See the '''NEWS''' file or tgn(1) for a couple of examples. Work on the netexpect-libwireshark has been merged into the trunk, which is why "libwireshark" has been dropped from the version number. Note that everything that '''tgn''' does can be done from netexpect via the '''send_network''' command. Having a little stand-alone utility that only generates traffic is just a small convenience.

''September 03, 2009'': Wow, it's been 15 months since the last Network Expect release. Guess life has kept me busy, but fortunately there's been a little bit of time to do some Network Expect development and today I've released Network Expect version [[http://www.netexpect.org/downloads/netexpect-0.15libwireshark.tar.bz2|0.15libwireshark]]. The '''NEWS''' file in the top level of the source tree has a lot of details about what's new but to briefly summarize here, this release has little improvements and new features that make it easier to handle PCAP file re-writing and replaying situations, new '''tgn''' (traffic generator) and '''ghost''' framework commands, and a re-written packet build subsystem that makes it a bit easier to create new PDUs (still not effortless like in Scapy but should be much better than what we had before). Some of these new developments are discussed and used as examples in the two new wiki pages RewriteAndReplay and [[Naptha]]. We obviously still have the dependency on libwireshark, which makes building a little bit more challenging, but so far this dependency seems worth the trouble since it gives us access to a great packet dissection infrastructure with very little effort.

''June 04, 2008'': Network Expect version [[http://www.netexpect.org/downloads/netexpect-0.14libwireshark.tar.bz2|0.14libwireshark]] has been released.
This release adds the capability to use libwireshark display filters to have more control over what packets "expect_network" commands will see (this complements the use of PCAP capture filters, which have been a fundamental part of NetExpect since day one). In addition, this release also fixes the problem of libwireshark packet dissection reusing, in some cases, field names. For example, dissecting a BOOTP message will reuse the field names bootp.option.type, bootp.option.length, and bootp.option.value several times. Before this release we would overwrite the old set of variables with new ones, so a script would only have access to the last set. Starting with this release we now detect field name reuse and convert reused variables to Tcl lists that hold all values. This way scripts can have access to everything. See the NEWS file in the tarball for a brief example of how to use this.

''May 29, 2008'': released Network Expect version [[http://www.netexpect.org/downloads/netexpect-0.13libwireshark.tar.bz2|0.13libwireshark]]. This version fixes a bug that causes endianness problems when crafting and injecting packets on non-i386 architectures.

''May 15, 2008'': today I released the first public release of a version of NetworkExpect that uses libwireshark (from the [[http://www.wireshark.org/|Wireshark]] project) for packet dissection instead of my own code. This version is [[http://www.netexpect.org/downloads/netexpect-0.12libwireshark.tar.bz2|0.12libwireshark]] and is available from the [[http://www.netexpect.org/downloads|downloads]] directory. Note that this is currently a work in progress and that I have not committed yet to the use of libwireshark in this project. It'll depend on several factors. We'll see how it goes, but so far so good... (yes, I am aware of the software license implications of this move - NetworkExpect has a GPL license, so that should settle it.)

''May 13, 2008'': the NetworkExpect wiki was down for several months because it got hijacked by Chinese spammers to host spam pages. I was busy and couldn't clean things up until very recently. I've now removed all the crap they left behind, tried to lock the site a bit to prevent the same problem from happening again, and re-launched the site. If you want to contribute please drop me a note and I'll give you write access.

----

## == How to use this site ==
## A Wiki is a collaborative site, anyone can contribute and share:
##
## * Edit any page by pressing '''[[GetText(Edit)]]''' at the top or the bottom of the page
## * Create a link to another page with joined capitalized words (like WikiSandBox) or with {{{["quoted words in brackets"]}}}
## * Search for page titles or text within pages using the search box at the top of any page
## * See HelpForBeginners to get you going, HelpContents for all help pages.

##Information regarding this wiki:
##
## * RecentChanges: see where people are currently working
## * FindPage: search or browse the database in various ways
## * HelpContents: how to use the wiki

All content in this wiki can be improved by the community. Please feel free to add and modify content.

NetworkExpect was written and is currently maintained by [[mailto:peloy-at-netexpect.org|Eloy Paris]]. Comments/feedback/problem reports should be sent to [[mailto:peloy-at-netexpect.org|Eloy Paris]].