This is a static archive of our old Q&A Site. Please post any new questions and answers at

New Plugin development



I have just registered the plugin. But I am not sure if the dissector function is getting called. First of all is there any way to debug through logs or any other method while developing plugin.

  static gboolean initialized = FALSE;
  static dissector_handle_t c2c_handle;
  static dissector_handle_t raw_user_handle;
  static dissector_handle_t sll_user_handle;
  static guint c2c_ethertype;
  static guint c2c_ethertype2;

if (!initialized) { c2c_handle = create_dissector_handle(dissect_c2c, proto_c2c); raw_user_handle = create_dissector_handle(dissect_raw_user, proto_c2c); sll_user_handle = create_dissector_handle(dissect_sll_user, proto_c2c); dissector_add_handle("ethertype", c2c_handle); // dissector_add("wtap_encap", WTAP_ENCAP_RAW_IP, find_dissector("user_dlt"));

// The following two are needed to hook up the hacks for the wave-raw interface to wireshark
// by taking over the RAW and SLL encapsulations.
// This could cause trouble with "real" RAW or SLL captures, but can be simply fixed by deactivating the plugin.

dissector_add("wtap_encap", WTAP_ENCAP_RAW_IP, raw_user_handle);
dissector_add("wtap_encap", WTAP_ENCAP_SLL, sll_user_handle);

initialized = TRUE;

} else { if (c2c_ethertype != 0) { dissector_delete("ethertype", c2c_ethertype, c2c_handle); } if (c2c_ethertype2 != 0) { dissector_delete("ethertype", c2c_ethertype2, c2c_handle); } } if (global_c2c_ethertype != 0) { dissector_add("ethertype", global_c2c_ethertype, c2c_handle); } if (global_c2c_ethertype2 != 0) { dissector_add("ethertype", global_c2c_ethertype2, c2c_handle); } c2c_ethertype = global_c2c_ethertype; c2c_ethertype2 = global_c2c_ethertype2; }

The code has been provided. I have to add more dissectors. It is mentioned here that ethertype packets are going to be handled. I am not sure because I am passing the logs and I dont see anything shown in wireshark application. Please anyone could help me in this.

asked 28 May ‘14, 04:30

Amit%20Bhanja's gravatar image

Amit Bhanja
accept rate: 0%

edited 28 May ‘14, 04:40

grahamb's gravatar image

grahamb ♦

You know you can have your code visualised as code by indenting it with 4 spaces? (This makes it way easier to read)

(28 May ‘14, 04:37) xtofl

Or by highlighting the code in question and hitting the “code” format button, or by adding the < code >< /code > tags around the code.

Keeps me busy though reformatting all the stuff.

(28 May ‘14, 04:42) grahamb ♦

Thanks for the comment, I will keep this in mind for the next time.

(28 May ‘14, 04:53) Amit Bhanja