Part II. Wireshark Development

The second part describes how the Wireshark sources are structured and how to change them, for example by adding a new dissector.

Table of Contents

6. Introduction
6.1. Source overview
6.2. Coding Style
6.3. The GLib library
7. How Wireshark Works
7.1. Introduction
7.2. Overview
7.3. Capturing packets
7.4. Capture Files
7.5. Dissect packets
8. Packet Capture
8.1. Adding A New Capture Type To Libpcap
8.2. Adding Capture Interfaces And Log Sources Using Extcap
8.2.1. Extcap Command Line Interface
8.2.2. Extcap Arguments
8.2.3. Toolbar Controls
9. Packet Dissection
9.1. How packet dissection works
9.2. Adding a basic dissector
9.2.1. Setting up the dissector
9.2.2. Dissecting the protocol’s details
9.2.3. Improving the dissection information
9.3. How to add an expert item
9.4. How to handle transformed data
9.5. How to reassemble split packets
9.5.1. How to reassemble split UDP packets
9.5.2. How to reassemble split TCP Packets
9.6. How to tap protocols
9.6.1. How to produce protocol statistics (stats)
9.6.2. How to follow protocol streams
9.7. How to use conversations
9.8. idl2wrs: Creating dissectors from CORBA IDL files
9.8.1. What is it?
9.8.2. Why do this?
9.8.3. How to use idl2wrs
9.8.4. TODO
9.8.5. Limitations
9.8.6. Notes
10. Wiretap
10.1. Background
10.2. Creating a new wiretap module
10.3. Additional notes on adding support for reading new capture formats
10.4. Adding support for writing capture formats
10.5. Adding support for a new encapsulation type
11. Plugins
11.1. Dissector plugins
11.2. The directory for the plugin, and its files
11.2.1. CMakeLists.txt
11.2.2. plugin.rc.in
11.3. Changes to existing Wireshark files
11.3.1. Custom extension
11.3.2. Permanent addition
11.4. Development and plugins on Unix
11.5. How to plugin related interface options
11.5.1. Implement a plugin GUI menu
11.5.2. Implement interactions with the main interface
11.5.3. Implement a plugin specific toolbar
12. Lua Support in Wireshark
12.1. Introduction
12.2. Example: Creating a Menu with Lua
12.3. Example: Dissector written in Lua
12.4. Example: Listener written in Lua
12.5. Example: Lua scripts with shared modules
13. Wireshark’s Lua API Reference Manual
13.1. Utility Functions
13.1.1. Global Functions
13.2. GUI Support
13.2.1. ProgDlg
13.2.2. TextWindow
13.2.3. Global Functions
13.3. Functions For New Protocols And Dissectors
13.3.1. Dissector
13.3.2. DissectorTable
13.3.3. Pref
13.3.4. Prefs
13.3.5. Proto
13.3.6. ProtoExpert
13.3.7. ProtoField
13.3.8. Global Functions
13.4. Obtaining Dissection Data
13.4.1. Field
13.4.2. FieldInfo
13.4.3. Global Functions
13.5. Obtaining Packet Information
13.5.1. Address
13.5.2. Column
13.5.3. Columns
13.5.4. Conversation
13.5.5. NSTime
13.5.6. Pinfo
13.5.7. PrivateTable
13.6. Functions For Handling Packet Data
13.6.1. ByteArray
13.6.2. Tvb
13.6.3. TvbRange
13.7. Adding Information To The Dissection Tree
13.7.1. TreeItem
13.8. Post-Dissection Packet Analysis
13.8.1. Listener
13.9. Saving Capture Files
13.9.1. Dumper
13.9.2. PseudoHeader
13.10. Wtap Functions For Handling Capture File Types
13.10.1. Global Functions
13.11. Custom File Format Reading And Writing
13.11.1. CaptureInfo
13.11.2. CaptureInfoConst
13.11.3. File
13.11.4. FileHandler
13.11.5. FrameInfo
13.11.6. FrameInfoConst
13.11.7. Global Functions
13.12. Directory Handling Functions
13.12.1. Dir
13.12.2. Example
13.12.3. Example
13.13. Handling 64-bit Integers
13.13.1. Int64
13.13.2. UInt64
13.14. Binary encode/decode support
13.14.1. Struct
13.15. Gcrypt symmetric cipher functions
13.15.1. GcryptCipher
13.15.2. Global Functions
13.16. PCRE2 Regular Expressions
13.17. Bitwise Operations
14. User Interface
14.1. Introduction
14.2. The Qt Application Framework
14.2.1. User Experience Considerations
14.2.2. Qt Creator
14.2.3. Source Code Overview
14.2.4. Coding Practices and Naming Conventions
14.2.5. Other Issues and Information
14.3. Human Interface Reference Documents
15. Wireshark Tests
15.1. Quick Start
15.2. Test suite structure
15.2.1. Test Coverage And Availability
15.2.2. Suites, Cases, and Tests
15.2.3. pytest fixtures
15.3. Listing And Running Tests
15.4. Adding Or Modifying Tests
15.5. External Tests
15.5.1. Custom Fixtures
16. Creating ASN.1 Dissectors
16.1. About ASN.1
16.2. ASN.1 Dissector Requirements
16.2.1. Building An ASN.1-Based Plugin
16.3. Understanding Error Messages
16.4. Hand-Massaging The ASN.1 File
16.5. Command Line Syntax
16.6. Generated Files
16.7. Step By Step Instructions
16.8. Hints For Using Asn2wrs
16.8.1. ANY And Parameterized Types
16.8.2. Tagged Assignments
16.8.3. Untagged CHOICEs
16.8.4. Imported Module Name Conflicts
16.9. Simple ASN.1-Based Dissector
16.10. Conformance (.cnf) Files
16.10.1. Example .cnf File
16.10.2. Example packet-protocol-template.h File
16.10.3. Example packet-protocol-template.c File
16.11. Conformance File Directive Reference
16.11.1. #.END
16.11.2. #.EXPORTS
16.11.3. #.FN_BODY
16.11.4. #.MODULE_IMPORT, #.INCLUDE and #.IMPORT
16.11.5. #.MODULE_IMPORT
16.11.6. #.INCLUDE and #.IMPORT
16.11.7. #.NO_EMIT And #.USER_DEFINED
16.11.8. #.PDU and #.PDU_NEW
16.11.9. #.REGISTER and #.REGISTER_NEW
17. This Document’s License (GPL)