Hi all,

I am a beginner in Wireshark plugin development, so I have been going through the docs trying to compile a plugin (dissector) which just captures UDP packets at some fixed port and displays them as the mydisc protocol, which seems to work. Now I am trying to add this protocol to the list of protocols with options in the Preferences tab under Edit, so that I can give some port rather than having a fixed UDP port. Here is the code.

#include "config.h"
#include <string.h>
#include <glib.h>
#include <epan/packet.h>
#include <epan/prefs.h>   /* declares prefs_register_protocol() and prefs_register_bool_preference() */

#define MYDISC_PORT 3001

static int proto_mydisc = -1;
static gboolean flag = TRUE;

/* Dissector: labels the packet as MYDISC and clears the Info column. */
static void dissect_mydisc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "MYDISC");
    col_clear(pinfo->cinfo, COL_INFO);
}

/* Registers the protocol and its preferences module. */
void proto_register_mydisc(void)
{
    module_t *mydisc_module;

    prefs_set_pref("udp.try_heuristic_first:true");
    proto_mydisc = proto_register_protocol(
        "mydisc protocol",
        "Mydisc",
        "mydisc"
    );
    mydisc_module = prefs_register_protocol(proto_mydisc, NULL);
    prefs_register_bool_preference(mydisc_module, "flag", "flag", "flag", &flag);
}

/* Attaches the dissector to the fixed UDP port. */
void proto_reg_handoff_mydisc(void)
{
    static dissector_handle_t mydisc_handle;

    mydisc_handle = create_dissector_handle(dissect_mydisc, proto_mydisc);
    dissector_add_uint("udp.port", MYDISC_PORT, mydisc_handle);
}

After compiling the plugin and adding its .so files in libs, I restart my Wireshark but I can't find the mydisc protocol in Edit->Preferences->Protocols. Please help!! Thanks in advance!!

asked 24 Sep '14, 01:49

koundi

edited 24 Sep '14, 01:58


Are you sure your dissector is being loaded in the first place? A simple way to tell would be to enter "mydisc" in the display filter bar. If it turns green then your dissector is loaded, else not.

I'm guessing your dissector is not being loaded at all.

Are you building this dissector as a built-in dissector or as a plugin (is it in epan/dissectors/ or in plugins/mydisc/ or similar)? It's a lot easier to build it as a built-in dissector: all you have to do is modify epan/dissectors/Makefile.common (or epan/dissectors/Custom.common if you don't plan to submit the file to Wireshark) and then rebuild libwireshark.

answered 24 Sep '14, 06:24

JeffMorriss ♦

You can also see what plugins are loaded in the "About..." dialog in the "Plugins" tab; do Help > About in the GTK+ version and non-OS X Qt versions or Wireshark > About in the OS X Qt version.

(24 Sep '14, 17:08) Guy Harris ♦♦

Thanks so much for replying... I know it's late, but yeah, I figured things out and did not bother to look back at this one!! And yes, I was trying to build a plugin, not a built-in dissector, which I now know is the easier way :)

(29 Jan '15, 00:49) koundi

Also, when I build a plugin, the .so files (from /plugins/mydisc/.libs) of the plugin are not copied immediately into the local /.wireshark folder; I had to do it manually and it was not mentioned in the Readme for plugins... maybe you guys can look into it!! Thanks!!

(29 Jan '15, 00:52) koundi

The README.plugins file says

The bad news is that Wireshark will not use the plugins unless the plugins are installed in one of the places it expects them to find.

although the subsequent suggestions could use more work - and there should also be a discussion about Windows.

That document is somewhat oriented towards building a version of Wireshark bundled with the new plugin, rather than to building personal plugins; it sounds as if you're building a personal plugin. The plugins should not be automatically copied into your personal plugin folder, as that would be inappropriate when building a version of Wireshark with bundled plugins. The document should be expanded to both cover Windows and cover the "building a personal plugin" case.

(And, in the longer term, adding the ability to describe protocols with purely declarative text files, such as Wireshark Generic Dissector files, or ASN.1/various DCE IDLs/rpcgen/xcb/CORBA IDL/etc. with conformance files, without requiring any compilation, would really help; you can already write dissectors in Lua and use them in versions of Wireshark that include embedded Lua, without needing to do any compilation.)

(29 Jan '15, 13:50) Guy Harris ♦♦

Thanks so much for replying. I guess that does make sense, but the only point I was trying to make was that after changing personal plugin details in the config file and other files as specified in the Readme.plugins, then using the make command should mean that the user is trying to make the build with his own plugin bundled with Wireshark. So making him manually transfer files from the ./libs folder to one of the places Wireshark expects them to be present is, IMHO, unnecessary.

(04 Feb '15, 02:08) koundi
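
Added example (not part of the original thread and not Wireshark project code): the question's goal, a UDP port that can be changed under Edit > Preferences > Protocols, written as a Lua dissector of the kind mentioned in the comments above, which needs no compilation. The protocol name `mydisc` and default port 3001 come from the question; the preference label, the tree text and the `current_port` variable are assumptions made for illustration.

```lua
-- mydisc.lua: minimal dissector whose UDP port is a user preference.
local mydisc = Proto("mydisc", "Mydisc Protocol")

-- Shown under Edit > Preferences > Protocols > MYDISC.
-- Pref.uint(label, default, description); default 3001 is the question's port.
mydisc.prefs.port = Pref.uint("UDP port", 3001,
                              "UDP port to decode as MYDISC (0 disables)")

-- Port the dissector is currently registered on (0 = not registered).
local current_port = 0

function mydisc.dissector(tvb, pinfo, tree)
    local len = tvb:len()
    if len == 0 then
        return 0            -- nothing to dissect, let others try
    end
    pinfo.cols.protocol = "MYDISC"
    pinfo.cols.info:set(string.format("Payload: %d bytes", len))
    tree:add(mydisc, tvb(), "Mydisc Protocol, " .. len .. " bytes")
    return len
end

-- Move the registration in the "udp.port" table to the preferred port.
local function register_port(new_port)
    local udp_table = DissectorTable.get("udp.port")
    if current_port ~= 0 then
        udp_table:remove(current_port, mydisc)
    end
    current_port = new_port
    if current_port ~= 0 then
        udp_table:add(current_port, mydisc)
    end
end

-- Called by Wireshark whenever the user applies changed preferences.
function mydisc.prefs_changed()
    if mydisc.prefs.port ~= current_port then
        register_port(mydisc.prefs.port)
    end
end

-- Initial registration when the script is loaded.
register_port(mydisc.prefs.port)
```

The script is picked up from the personal plugins folder, or can be loaded for one session with `wireshark -X lua_script:mydisc.lua`; typing `mydisc` in the display filter bar confirms that it loaded.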
question asked: 24 Sep '14, 01:49

question was seen: 1,713 times

last updated: 04 Feb '15, 02:08