Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] plugin

From: Marc-André Moreau <marcandre.moreau@xxxxxxxxx>
Date: Wed, 24 Mar 2010 15:06:31 -0400
I was in the same situation as you a couple of months ago (being an intern in a big company and being assigned the task of writing a wireshark dissector). In my case, I was given sample captures. First, are you on Windows? Packet capture on localhost is a bit tricky on Windows, because it's handled differently. Section 8.4 of the tutorial gives some tips about it. Also, I just noticed that the demo client and server used in the article is a dead link. You need a test client and server in order create packets which you would be able to see in Wireshark. I don't know if it can be found somewhere else or if someone has a sample packet capture. Another problem I can see is if you're in a big company it's possible that your workstation has limited rights and that you did not have sufficient privileges to install winpcap, which is required to capture packets on Windows.

What I suggest in your case is that you first get a sample packet capture for the protocol you need to dissect. Just keep using that sample packet capture for your own testing. Use the sample code for the AMIN dissector and start by making it dissect a single field that contains everything (length -1). Once you get that working, start defining more fields, and you should be good to go. I strongly suggest that you take a look at the "data" dissector in epan/dissectors/packet-data.c, as it's one of the most simple dissectors in Wireshark. Don't forget to take a look at doc/README.developer, which also contains skeleton code for a basic dissector.

On Wed, Mar 24, 2010 at 3:38 AM, Bongani Fana <bfana@xxxxxxxxxx> wrote:
Hi,
My nane is Bongani, I'm working as an Intern for this big company. I'm using wireshark to dissect netwok packets, since I don't have much experience I started to search for any example that might help me to write my first plugin/dissector. after I come across AMIN (http://www.codeproject.com/KB/IP/custom_dissector.aspx) Plugin I thought its some thing that I can use as guide, after I successfully installed and compile wireshark I started to write AMIN plugin following instructions on the link above. my problem is that when I run wireshark I don't see any amin packets being captured on GUI while at the bottom of wireshark window I could see that the is something taking place. so please can some one tell me what am I doing wrong.  
Thank,
  
Bongani    

--
This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard.
The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html.


This message has been scanned for viruses and dangerous content by MailScanner,
and is believed to be clean. MailScanner thanks Transtec Computers for their support.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe