This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can I build a sub-dissector for a close source dissector?

0

I have a plugin for a protocol which encapsulates another protocol (i.e. ASN.1 based LTE-RRC). Unfortunately I don't have the source code for this plugin. Do I still have the chance to develop a plugin to decode the encapsulated protocol? And I also noticed LTE-RRC is already supported by wireshark, how to request wireshark to decode a filed of a protocol as LTE-RRC?

asked 02 Jul '12, 22:40

Xu%20Yun's gravatar image

Xu Yun
1111
accept rate: 0%


One Answer:

0

Without having the source code of this plugin(*) it's hard to tell what hooks it provides to connect your dissector to. Maybe a symbol inspection could shed some light.

As for the LTE-RRC dissector, it register enough hooks by name, so there very well could be a applicable entrypoint for you. It's hard to tell without the details.

(*) You can always get this source code. That's because Wireshark plugins are GPL licensed, hence the distributor of the plugin has to provide the source code. (either with the binary, or upon request, for a reasonable fee for the medium it's delivered on).

answered 04 Jul '12, 01:17

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%