Wireshark-dev: Re: [Wireshark-dev] Linux Dissector Example

From: "J.C. Wren" <jcwren@xxxxxxxxx>
Date: Fri, 28 Dec 2007 07:44:50 -0500
Perhaps a slight change of topic, but what advantages do plug-ins have
(or not have) over built-ins?  I wrote my first (and only) dissector
as a plug-in, and other than the issue with packet spanning working
correctly, it was pretty straight-forward.  In fact, probably the
single most difficult (and ill-documented) issue was figuring out how
many *.nmake files I had to insert the plug-in name into to get it to
build.

I developed under Windows, since my target user base for the plug-in
is purely Windows users.  I had some help from the IRC channel, but
99% of what I learned came from
http://www.wireshark.org/docs/wsug_html and browsing some of the other
plug-in sources, particularly H223.

--jc

On Dec 28, 2007 7:22 AM, Stephen Fisher <stephentfisher@xxxxxxxxx> wrote:
> On Fri, Dec 28, 2007 at 10:47:57AM +0100, warlord wrote:
>
> > So all I am looking for now is a very simple example dissector which I
> > can compile and use in Linux. I hope/suppose I can find my way from
> > there. I do realize I can look at all the folders in trunk/, but they
> > seem to usually contain a gazillion lines of code. I'd prefer a
> > smaller example.
>
> I would highly recommend trying to create a built-in dissector instead
> of a plug-in, at least for your first attempts, as it is much simpler
> to do.  Either start with the dissector code in README.developer
> (starting with the "Cut here" text) or copy a simple dissector such as
> LLT to a new name replacing <proto> with the name of your dissector.
>
>  cp epan/dissectors/packet-llt.c epan/dissectors/packet-<proto>.c
>
> Then add packet-<proto>.c to epan/dissectors/Makefile.common under
> CLEAN_DISSECTOR_SRC (note that it's in alphabetical order).
>
> Then run make again and your dissector will be included.
>
> > My intention is to add a completely different set of functionality to
> > Wireshark, which could be quite useful for a bigger bunch of people.
>
> Great!  Remember that dissectors only interpret protocols, if you want
> to add new GUI functionality to Wireshark for example, we'll need to
> show you a different set of sample files to go off of.
>
>
> Steve