Wireshark-users: Re: [Wireshark-users] Writing/sharing dissectors

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 26 Apr 2007 07:01:05 +0200 (CEST)

For a more extensive answer, after reading said website, there's not
really a roadmap to a dissector. Much depends on the situation.
First you'll have to choose the way you want to deploy your dissector. My
guess would be a plugin dissector in your case, rather than built in.

Another choice is style, based on the complexity of the protocol. Very
simple protocols can use a simple pvt_cursor style, medium to complex ones
can use proto_tree_add_item calls, while ASN.1 based protocols can have a
generated dissector.

Have some shared code repository for your dissector, that way you can
easily share the code and build on the two platforms. They're not that
different, thanks to glib, apart from the build scripts. See the developer
guide to set up your Windows build environment, and the README.* in /doc in
the source tree for all kinds of inside info.


On Wed, 25 Apr 2007, Ulf Lamping wrote:

> Kobboi wrote:
> > Hello,
> >
> > Some very basic questions, hope you don't mind my asking them...
> >
> > Where can I find a recent HOWTO on writing your own dissector for a
> > proprietary protocol? Is there some basic roadmap that can help me keep
> > an overview and not lose the way?
> >
> > When I have finished writing it, how do I easily share my dissector?
> > Does everyone who wants to use it need to recompile their Wireshark? Any
> > important Windows/Linux differences? (I'll need to support both
> > platforms)
> >
> > Thanks for the info!
> >
> >
> See: http://wiki.wireshark.org/Development
> Regards, ULFL