Wireshark-dev: Re: [Wireshark-dev] Distributing a wireshark dissector
From: "Maynard, Chris" <[email protected]>
Date: Thu, 15 Nov 2007 11:31:10 -0500

Welcome to my world.  I handle this by creating a custom installer each time a new release of Wireshark comes out.  It’s more work for me, but it’s far more convenient to have one version that incorporates the latest changes from Wireshark as well as the proprietary customizations that make the tool even more useful to those who use it at my company.  If you’ve only got a normal dissector, then it’s rather trivial to support since you only have to copy your dissector to epan/dissectors/ and update the Makefile.common file then recompile and repackage the installer.  To me, that’s far easier/nicer for the users than having to worry about multiple versions or having to remember to copy a dll or something.


Note that if you’ve got some plugins, as I do, and if you need to support multiple platforms – Windows, Linux, … (as I do), then you’ve got more work to do.  The tutorial you followed appears to be a tutorial on building a plugin dissector, not a normal dissector, but if possible you should convert your plugin to a normal dissector to make things a little easier for yourself if you’re going to be building your own customized installer.  Read the doc/README.developer for how to write a normal dissector.  Now if you can’t or don’t want to convert your plugin to a normal dissector, then there are threads on this developer’s list discussing in detail what you need to do for a plugin and I’m sure doc/README.plugin has additional information too, not to mention the tutorial you followed.


Probably not the answer you were looking for, but that’s what I would suggest …

- Chris


From: [email protected] [mailto:[email protected]] On Behalf Of Eytan Kidron
Sent: Thursday, November 15, 2007 9:21 AM
To: [email protected]
Subject: [Wireshark-dev] Distributing a wireshark dissector





I have a question concerning the creation and distribution of dissectors.

I created a dissector using a tutorial which I found in http://www.codeproject.com/useritems/custom_dissector.asp, and now I have a dll called my-protocol.dll.

I am not interested, at this point, in distributing this dissector to the general public, but I am interested in distributing it within my organization. I found that I could do that by creating a wireshark installer (see step 12 in the link above).

When others in my organization executed this installer and copied the dll to the appropriate place, they could use the dissector. The problem with that is that whenever a new version of wireshark is released, my dissector will obviously not be there, and if somebody wants some feature from a newer wireshark version and also wants my dissector, they need two separate wireshark installations.


My question is:

Is it possible to add a new dissector to an existing wireshark without having to reinstall it or install a separate instance of wireshark?


One might expect that I could simply copy my-protocol.dll to the folder where all the other dlls are, but when I tried to do this I got an error in loading a C runtime library (incidentally, I am working on Windows XP). Is that supposed to work?


I don't mind the users in my organization having to do something extra (like copying a dll) every time they update their wireshark, if they want to use this dissector, but I don’t want to need to create a new installer whenever a new wireshark version is released.


I would be grateful if anyone could help me with this.




This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, retention, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. Also, email is susceptible to data corruption, interception, tampering, unauthorized amendment and viruses. We only send and receive emails on the basis that we are not liable for any such corruption, interception, tampering, amendment or viruses or any consequence thereof.