Wireshark v0.99 was able to decode Sahara. Now in version 1.10, Sahara decoding is no longer available. Is there any way to decode Sahara with the new version?
asked 03 Jul '13, 05:17 viperfx15
One Answer:
I was not able to find a reference to the 'Sahara' protocol in the source code of Wireshark 0.99. Either it is not called 'Sahara' (spelling error) or you had a third-party plugin in Wireshark 0.99 with a 'Sahara' dissector. Can you please add more details about that protocol?
UPDATE: To answer your question:
As it's now clear that there is a custom dissector plugin (sahara.dll), you need to contact the author of the plugin and ask him/her to compile a version for you that is compatible with Wireshark 1.10.
Regards
answered 03 Jul '13, 06:28 Kurt Knochner ♦ edited 03 Jul '13, 07:11
It seems that it is a dissector plugin. However, it is located in the Wireshark/plugins/0.99 folder (sahara.dll) so this would mean it is part of the standard plugins that came with the Wireshark setup package, right? In my new installation, in the Wireshark/plugins/1.10 folder, this dll is not found anymore.
The plugin could have just been dropped/installed into that location and isn't part of the standard Wireshark distribution.
As Google does not find anything about sahara.dll in conjunction with Wireshark, I assume it's some home-made dissector plugin that was not released publicly.
Can you please tell us more about the Sahara protocol?
No. We never distributed a "sahara" plugin; as grahamb notes, perhaps the plugin was installed separately and was put into the standard Wireshark plugin directory, or perhaps the 0.99 that you installed was a special distribution somebody other than wireshark.org provided, with the Sahara plugin included.