I would like to write a .NET dissector plugin to decode my own protocols. Can Wireshark read managed DLLs (C# or managed C++), or does it have to be only native code or Python script? I have decoders written in C# already, and would like to reuse them if possible. Any ideas how this can be done?
asked 19 Nov '13, 02:13
Wireshark is all native code. I have no idea if an unmanaged program can load a managed DLL, but if it is possible, then your DLL would have to present unmanaged interfaces so that Wireshark can call essential functions in it, your DLL may have to export some unmanaged data for Wireshark, and then any Wireshark infrastructure calls your DLL makes would have to be unmanaged and be passed and receive back unmanaged data structures.
In short, if at all possible, it's going to be a big chunk of work.
You may want to investigate other Wireshark dissector creation options such as text using WSGD, built-in languages such as Lua, or a C-based dissector.
answered 19 Nov '13, 03:52