
Wireshark-dev: Re: [Wireshark-dev] How to develop a plugin in wireshark

From: "Josh Moore" <jmoore@xxxxxxxxxxxx>
Date: Wed, 2 Apr 2008 07:57:58 -0500
Hi Auvray Julien:

Over the past month I made several plugins for use at my job. I found
the following things helpful:
1. Set up your build environment using
http://www.wireshark.org/docs/wsdg_html/#ChSetupMSVC .
2. Use doc/README.developer as a reference. It has some skeleton code
for a dissector. I like the col_append_fstr() function for using the
Info column, and the proto_tree_add_int_format(),
proto_tree_add_int_format_value(), proto_tree_add_text(), and other
similar functions. They give lots of printf()-like control over how your
dissector displays the data from the packet.
3. Make a simple dissector that reads at least one field using
http://www.wireshark.org/docs/wsdg_html/#ChDissectAdd . It points you to
the "agentx" plugin as a place to start for some supporting files (like
makefiles) for the dissector.
4. Expand it by trying different things; what's the worst that could
happen? What you try doesn't work and WS crashes or gives you an error.
So, you go back a step and undo the change you made that made it not
work.
5. Add debug outputs to a file where you don't understand where you are
going wrong. I did this to epan/proto.c to figure out when I was using
hf_... variables that I had left as having value -1 because I forgot to
include them in the table I registered with
proto_register_field_array().
6. Add subtrees where appropriate in the dissector.

Hope this helps,

Josh Moore

-----Original Message-----
Date: Wed, 2 Apr 2008 13:59:32 +0200
From: "Auvray Julien" <juauvray@xxxxxxxxxxx>
Subject: [Wireshark-dev] How to develop a plugin in wireshark
To: <wireshark-dev@xxxxxxxxxxxxx>
Message-ID: <BLU114-DS3B2B5ABC0F0B640E1DEB7D8F40@xxxxxxx>
Content-Type: text/plain; charset="utf-8"

Hello everybody,

I'm a beginner in Wireshark and I have a job that consists of developing
a plug-in that will capture SMTP traffic.

This plug-in has to do the following:

- Capture only the SMTP traffic

- Save each e-mail sent in a file in a specific folder.

That's why I ask for any help.

What documentation do I have to read?

Are there any examples of plug-ins that do that kind of job?

Any other advice?

Thanks a lot,

Best Regards

Julien
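An added example, not code from either message in this thread: a minimal dissector that walks through steps 2, 3 and 6 of Josh's reply (register every field in one table, read fields into a subtree, append printf-style text to the Info column). It uses Wireshark's Lua plugin API instead of the C API Josh describes, so it loads without a build environment. The protocol name "demo", its 3-byte header layout and TCP port 5555 are made up for illustration.

```lua
-- Added example (not from the thread). Protocol name, header layout and
-- port number are invented for illustration.
local demo = Proto("demo", "Demo Protocol")

-- Lua analogue of the hf_ array passed to proto_register_field_array():
-- every field added to the tree must be listed here, otherwise tree:add()
-- fails at runtime (the same symptom as an hf_ variable left at -1 in C).
local f_type    = ProtoField.uint8("demo.type", "Message Type", base.DEC)
local f_length  = ProtoField.uint16("demo.length", "Payload Length", base.DEC)
local f_payload = ProtoField.bytes("demo.payload", "Payload")
demo.fields = { f_type, f_length, f_payload }

local HEADER_LEN = 3  -- 1-byte type + 2-byte big-endian payload length

function demo.dissector(buffer, pinfo, tree)
    -- Treat packet contents as untrusted: refuse a truncated header instead
    -- of reading past the end of the captured bytes.
    if buffer:len() < HEADER_LEN then return 0 end

    pinfo.cols.protocol = "DEMO"

    local msg_type     = buffer(0, 1):uint()
    local declared_len = buffer(1, 2):uint()

    -- Protocol subtree (step 6 in the reply) with one item per field.
    local subtree  = tree:add(demo, buffer(), "Demo Protocol")
    subtree:add(f_type, buffer(0, 1))
    local len_item = subtree:add(f_length, buffer(1, 2))

    -- Clamp the payload to what was actually captured and flag a bogus
    -- length field rather than letting the length drive an out-of-range read.
    local available = buffer:len() - HEADER_LEN
    if declared_len > available then
        len_item:add_expert_info(PI_MALFORMED, PI_ERROR,
            "declared length exceeds captured payload")
        declared_len = available
    end
    if declared_len > 0 then
        subtree:add(f_payload, buffer(HEADER_LEN, declared_len))
    end

    -- Info column text, the equivalent of col_append_fstr() in the C API.
    pinfo.cols.info:append(string.format(" type=%d len=%d", msg_type, declared_len))

    return HEADER_LEN + declared_len
end

-- Hook the dissector onto a TCP port (made-up value for this example).
DissectorTable.get("tcp.port"):add(5555, demo)
```

Drop the file into the personal plugins directory (or load it with `-X lua_script:`) and Wireshark registers the fields and the port binding at startup.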