Hi! I want to add a module to the Wireshark source to extract more details from the Options field of the TCP header and display them. I found out elsewhere that I need to edit the ip_tcp_opt structure of the ip_opts header file in the epan folder. However, I would prefer a plugin that does the same. I have been going through the READMEs, and from what little I've understood, plugins can be written for new dissectors. But I don't understand if one is allowed to write a plugin that further analyses the fields of a protocol for which a dissector already exists. I'm very new to Wireshark development, so can anyone please tell me if it should be possible?

asked 25 Jul '12, 22:06 SidR edited 05 Nov '12, 08:31
2 Answers:
Maybe you can also use a Postdissector, written in Lua.
Regards

answered 26 Jul '12, 09:00 Kurt Knochner ♦ edited 26 Jul '12, 09:00
Probably not, and why should it be possible? Isn't it much better to enhance the existing dissector and offer the enhancement to the Wireshark project to have it included in the code base?

answered 25 Jul '12, 22:20 Anders ♦

Thank you for your quick reply Anders. And I agree with you, enhancing the existing dissector sounds cooler. (25 Jul '12, 22:33) SidR
This looks promising. Where can I find the register_postdissector() declaration in the source?
That's a built-in wslua function (there is no declaration). The wiki link above shows an example of how to use it. The user manual gives a brief description.
I see. However, I was asking for the equivalent C function that can be found within the Wireshark source. I just found it in epan/packet.h so never mind. Thanks a lot!
BTW: There are some samples available.
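
A Lua post-dissector of the kind suggested in this thread, added here as an example; it is not code from any of the posters or from the Wireshark source. The protocol name `tcpoptx` and its field names are assumptions made for the example. It reads the bytes the built-in TCP dissector exposes as `tcp.options` and walks them as kind/length/data entries, stopping on a length that would run past the options area.

```lua
-- Added example: post-dissector that re-parses the raw TCP options bytes.
-- "tcpoptx" and its field names are hypothetical, chosen for this example.
local tcpoptx = Proto("tcpoptx", "TCP Options Extra (example)")

local f_kind = ProtoField.uint8("tcpoptx.kind", "Option kind", base.DEC)
local f_len  = ProtoField.uint8("tcpoptx.len", "Option length", base.DEC)
local f_data = ProtoField.bytes("tcpoptx.data", "Option data")
tcpoptx.fields = { f_kind, f_len, f_data }

-- Extractor for a field that the built-in TCP dissector already registers.
local tcp_options = Field.new("tcp.options")

function tcpoptx.dissector(tvb, pinfo, tree)
    -- First tcp.options occurrence in the frame; nil if there is none.
    local fi = tcp_options()
    if not fi then return end

    local opts = fi.range                 -- TvbRange covering the options
    local total = opts:len()
    local subtree = tree:add(tcpoptx, opts, "TCP Options Extra")

    local off = 0
    while off < total do
        local kind = opts:range(off, 1):uint()
        if kind == 0 then                 -- End of Option List: stop parsing
            subtree:add(f_kind, opts:range(off, 1))
            break
        elseif kind == 1 then             -- No-Operation: single byte
            subtree:add(f_kind, opts:range(off, 1))
            off = off + 1
        else                              -- kind, length, then length-2 data bytes
            local len = (off + 1 < total) and opts:range(off + 1, 1):uint() or 0
            if len < 2 or off + len > total then
                -- Length is missing, too small, or overruns the options area.
                subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
                                        "Bad TCP option length")
                break
            end
            local item = subtree:add(f_kind, opts:range(off, 1))
            item:add(f_len, opts:range(off + 1, 1))
            if len > 2 then
                item:add(f_data, opts:range(off + 2, len - 2))
            end
            off = off + len
        end
    end
end

register_postdissector(tcpoptx)
```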