This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to present dissected packet information on the Wireshark GUI?

0

I would like to write a dissector to capture and parse a particular protocol, and update information on the Wireshark main window display; e.g., Source, Destination, and Info columns, and expand information in the Packet Details pane. How do I present the dissected packet information on the Wireshark GUI?

asked 02 Dec '13, 10:03


Tinker
21337
accept rate: 100%


2 Answers:

1

You can use the proto_tree_add_item (and other proto_tree_add_* functions from epan/packet.h) to add items to the dissection tree, and col_set_str (and other column functions from epan/col_utils.h) to change the column data.
The m2m dissector (plugins/m2m) is pretty easy to follow, but as a very simple example, see the below code (I assume here that you have your dissector basically set up; see doc/README.developer for more on that):

void dissect_my_protocol(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "My Protocol");           /* Set the Protocol column text */
    col_append_str(pinfo->cinfo, COL_INFO, " Some new information");  /* Append to the Info column */
    proto_tree_add_item(tree, hf_MyItem, tvb, 0, -1, ENC_BIG_ENDIAN); /* Add an item to the tree */
}

answered 02 Dec '13, 14:00


multipleinte...
1.3k152340
accept rate: 12%

Thanks. This is what I suspected, but had difficulty in confirming it. Much appreciated.

(02 Dec '13, 14:04) Tinker

1

> I would like to write a dissector to capture and parse a particular protocol,

See, for example, the README.dissector file in the doc directory of the Wireshark source.

> and update information on the Wireshark main window display; e.g., Source, Destination, and Info columns, and expand information in the Packet Details pane.

Wireshark takes the column values set by your dissector and uses them to set the columns, and takes the protocol tree built by your dissector and displays it in the Packet Details pane. You do not do any GUI work yourself in the dissector; that's all done for you by the Wireshark GUI code.

answered 02 Dec '13, 13:52


Guy Harris ♦♦
17.4k335196
accept rate: 19%
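
The division of labour described in both answers (the dissector only sets column values and builds a tree, and Wireshark renders them) shown as a complete dissector. This is an added example, not code from either answerer or from the Wireshark source, and it uses Wireshark's Lua API rather than the C functions named above. The protocol "myproto", its three fields, its wire layout and UDP port 9999 are all hypothetical.

```lua
-- Added example: "myproto" is a made-up protocol used only for illustration.
-- Assumed wire format: 1-byte type, 2-byte big-endian payload length, payload.
local myproto = Proto("myproto", "My Protocol")

local f_type    = ProtoField.uint8("myproto.type", "Message Type", base.DEC)
local f_length  = ProtoField.uint16("myproto.length", "Payload Length", base.DEC)
local f_payload = ProtoField.bytes("myproto.payload", "Payload")
myproto.fields = { f_type, f_length, f_payload }

local HEADER_LEN = 3

function myproto.dissector(tvb, pinfo, tree)
    -- Too short to hold the fixed header: decline the packet.
    if tvb:len() < HEADER_LEN then return 0 end

    local msg_type    = tvb(0, 1):uint()
    local payload_len = tvb(1, 2):uint()

    -- Column values: Wireshark copies these into the packet list.
    pinfo.cols.protocol = "MYPROTO"
    pinfo.cols.info = string.format("Type %d, %d payload bytes",
                                    msg_type, payload_len)

    -- Protocol tree: Wireshark renders this in the Packet Details pane.
    local subtree = tree:add(myproto, tvb(), "My Protocol")
    subtree:add(f_type, tvb(0, 1))
    local len_item = subtree:add(f_length, tvb(1, 2))

    -- The length field comes off the wire and is untrusted: clamp it to
    -- the bytes actually present and flag the mismatch in the tree.
    local available = tvb:len() - HEADER_LEN
    if payload_len > available then
        len_item:add_expert_info(PI_MALFORMED, PI_ERROR,
                                 "Length exceeds captured data")
        payload_len = available
    end
    if payload_len > 0 then
        subtree:add(f_payload, tvb(HEADER_LEN, payload_len))
    end
    return HEADER_LEN + payload_len
end

-- Hand packets on the (hypothetical) UDP port 9999 to this dissector.
DissectorTable.get("udp.port"):add(9999, myproto)
```

Saved as, say, `myproto.lua`, it can be loaded with `wireshark -X lua_script:myproto.lua`; no GUI code appears anywhere in the script.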