This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Need help in dumping primitive structure


Hi All,

I am absolutely new to wireshark. Currently we are planning to use wireshark to capture traces of our communication protocol stack.

We intend to write plugins to dump the primitive structures sent between various components (interface structures between various layers of our protocol stack). Are there any sample plugins already available which I can re-use to dump structures?

Looking forward to your help.

Regards, Sameer...

asked 26 Feb '14, 10:13


Sameer


One Answer:


Essentially you are discussing the development of a dissector for your protocol(s). Wireshark creates a big infrastructure around the topics of traffic capture, reading capture files, dissection of captured traffic and displaying the results of the dissection. A dissector sits in the middle of this: it dissects the structures in your protocol and hands them off to the rest of the infrastructure for display and other processing (stats, graphs, etc.).

There are a number of ways of creating a dissector; each method has its pros and cons regarding ease of development, flexibility and speed in use. My SharkFest presentation for SF13 (presenting it again at SF'14) discusses three common approaches that you could look at.

If you decide on a C-based dissector, then of course you have all the existing dissectors as samples to work with, along with the extensive developer's guide and other documentation that can be found in the source tree doc directory.

Finally, remember the licensing of Wireshark: it is GPL 2.0, which means that if you distribute the software you must make your source code changes available on request.

answered 26 Feb '14, 14:09


grahamb ♦
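As an added illustration of the dissector role described in the answer above (this is example code written for this page, not code from the original post, from grahamb's presentation, or from the Wireshark project), here is a complete Lua dissector for a hypothetical inter-layer primitive. Lua is the scripting route to a dissector rather than the C route the asker chose, but the shape is the same: declare the protocol and its fields, walk the buffer, hand each field to the tree, and register with a dissector table. The primitive layout (a 6-byte big-endian header of primitive id, source layer, flags and payload length, followed by the payload), the primitive names and the UDP port 47000 are all assumptions invented for the example. The one thing worth copying regardless of language is the bounds handling: the length field is attacker- or bug-controlled data from the wire, so it is clamped to what was actually captured and flagged with expert info instead of being trusted.

```lua
-- Added example, not from the original post or from Wireshark itself.
-- Hypothetical inter-layer primitive, big-endian, 6-byte fixed header:
--   uint16 primitive id | uint8 source layer | uint8 flags | uint16 payload length
-- followed by `payload length` bytes of payload. The layout, the primitive
-- names and the UDP port below are assumptions made for this example.

local prim = Proto("prim", "Hypothetical Inter-Layer Primitive")

local f_id    = ProtoField.uint16("prim.id",    "Primitive ID",   base.HEX)
local f_layer = ProtoField.uint8 ("prim.layer", "Source Layer",   base.DEC)
local f_flags = ProtoField.uint8 ("prim.flags", "Flags",          base.HEX)
local f_len   = ProtoField.uint16("prim.len",   "Payload Length", base.DEC)
local f_data  = ProtoField.bytes ("prim.data",  "Payload")

prim.fields = { f_id, f_layer, f_flags, f_len, f_data }

local HEADER_LEN = 6

-- Human-readable names for the assumed primitive ids; unknown ids are shown as hex.
local prim_names = {
    [0x0001] = "DATA_REQ",
    [0x0002] = "DATA_IND",
    [0x0003] = "DATA_CNF",
}

function prim.dissector(buffer, pinfo, tree)
    local captured = buffer:len()
    pinfo.cols.protocol = "PRIM"

    local subtree = tree:add(prim, buffer(), "Inter-Layer Primitive")

    -- Never read past the end of the buffer: a short frame is reported, not parsed.
    if captured < HEADER_LEN then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
            "truncated: " .. captured .. " bytes, need " .. HEADER_LEN .. " for header")
        return
    end

    local id = buffer(0, 2):uint()
    subtree:add(f_id, buffer(0, 2)):append_text(" (" .. (prim_names[id] or "unknown") .. ")")
    subtree:add(f_layer, buffer(2, 1))
    subtree:add(f_flags, buffer(3, 1))
    subtree:add(f_len,   buffer(4, 2))

    -- The length field comes from the wire; clamp it to what was actually captured
    -- so a bogus value cannot make us index outside the TvbRange.
    local declared  = buffer(4, 2):uint()
    local available = captured - HEADER_LEN
    local payload_len = declared
    if declared > available then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
            "payload length " .. declared .. " exceeds " .. available .. " available bytes")
        payload_len = available
    end

    if payload_len > 0 then
        subtree:add(f_data, buffer(HEADER_LEN, payload_len))
    end

    pinfo.cols.info = string.format("%s layer=%d len=%d",
        prim_names[id] or string.format("0x%04x", id), buffer(2, 1):uint(), declared)
end

-- Assumed transport: the stack's trace tool wraps each primitive in a UDP datagram
-- sent to port 47000. Register on that port so Wireshark hands us the payload.
DissectorTable.get("udp.port"):add(47000, prim)
```

Save this as a `.lua` file and either drop it into the personal plugins directory or load it once with `wireshark -X lua_script:prim.lua` (tshark accepts the same option). The declared fields then work in display filters, for example `prim.id == 0x0002`, and the expert-info entries show up in the Expert Information dialog, which is a quick way to find traces where the trace tool and the dissector disagree about the structure layout.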

Many thanks for your pointers; I will go through your presentation and material. I am going to write the dissector in C, so hopefully I will be able to reuse the samples.

(27 Feb '14, 01:57) Sameer