
Wireshark-dev: Re: [Wireshark-dev] Linux Dissector Example

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Fri, 28 Dec 2007 05:22:53 -0700
On Fri, Dec 28, 2007 at 10:47:57AM +0100, warlord wrote:

> So all I am looking for now is a very simple example dissector which I 
> can compile and use in Linux. I hope/suppose I can find my way from 
> there. I do realize I can look at all the folders in trunk/, but they 
> seem to usually contain a gazillion lines of code. I'd prefer a 
> smaller example.

I would highly recommend trying to create a built-in dissector instead 
of a plug-in, at least for your first attempts, as it is much simpler 
to do.  Either start with the dissector code in README.developer 
(starting with the "Cut here" text) or copy a simple dissector such as 
LLT to a new name, replacing <proto> with the name of your dissector.

 cp epan/dissectors/packet-llt.c epan/dissectors/packet-<proto>.c

Then add packet-<proto>.c to epan/dissectors/Makefile.common under 
CLEAN_DISSECTOR_SRC (note that it's in alphabetical order).

Then run make again and your dissector will be included.

> My intention is to add a completely different set of functionality to 
> Wireshark, which could be quite useful for a bigger bunch of people.

Great!  Remember that dissectors only interpret protocols; if you want 
to add new GUI functionality to Wireshark, for example, we'll need to 
show you a different set of sample files to go off of.


Steve