This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi All,

I am absolutely new to Wireshark. Currently we are planning to use Wireshark to capture traces of our communication protocol stack.

We intend to write plugins to dump the primitive structures sent between various components (interface structures between various layers of our protocol stack). Are there any sample plugins already available which I can re-use to dump structures?

Looking forward to your help.

Regards, Sameer...

asked 26 Feb '14, 10:13

Sameer


Essentially you are discussing development of a dissector for your protocol(s). Wireshark creates a big infrastructure around the topics of traffic capture, reading capture files, dissection of captured traffic and displaying the results of the dissection. A dissector sits in the middle of this and dissects the structures in your protocol and hands them off to the rest of the infrastructure for display and other processing (stats, graphs etc.).

There are a number of ways of creating a dissector; each method has its pros and cons regarding ease of development, flexibility and speed in use. My SharkFest presentation for SF13 (presenting it again at SF'14) discusses three common approaches that you could look at.

If you decide on a C-based dissector, then of course you have all the existing dissectors as samples to work with, along with the extensive developer's guide and other documentation that can be found in the source tree doc directory.

Finally, remember the licensing of Wireshark: it is GPL 2.0, which means if you distribute the software you must make your source code changes available on request.

answered 26 Feb '14, 14:09

grahamb ♦

Many thanks for your pointers; I will go through your presentation and material. I am going to write the dissector in C, so hopefully I will be able to reuse samples.

(27 Feb '14, 01:57) Sameer