Hi! I want to add a module to the wireshark source to extract more details from the Options field of the tcp header and display them. I found out elsewhere that I need to edit ip_tcp_opt structure of the ip_opts header file in the epan folder. However, I would prefer a plugin that does the the same. I have been going through the READMEs, and from what little I've understood, plugins can be written for new dissectors. But I don't understand if one is allowed to write plugin that further analyse the fields of a protocol for which a dissector already exits. I'm very new to wireshark development, so can anyone please tell me if it should be possible?
asked 25 Jul '12, 22:06
edited 05 Nov '12, 08:31
Maybe you can also use a Postdissector, written in Lua.
answered 26 Jul '12, 09:00
Kurt Knochner ♦
edited 26 Jul '12, 09:00
Probably not, and why should it be possible? Isn't it much better to enhance the existing dissector and offer the enhancment to the Wireshark project to have it included in the code base?
answered 25 Jul '12, 22:20