Hi, is there a way to develop a dissector for Wireshark using an IDE (including auto-complete on the Wireshark API)?
asked 10 Mar '15, 05:15 emaayan
One Answer:
Probably. Whichever IDE you use will have to have some method for examining the Wireshark sources to create the auto-complete lists, and as most of the WS sources are for other dissectors which you generally aren't interested in (they're useful as examples but you won't generally be calling functions in them), not much of that will be helpful. If you're brave, and like to live on the bleeding edge, building on the Windows platform can now use CMake to generate Visual Studio solution files and then edit away in the IDE. Even with that, I still work on the dissectors I maintain with a text editor as I've done for the last decade and a bit. Note that I use VS for the day job, so I'm not anti-IDE, I just don't find it useful for WS dev. Dissector writing is mostly defining hf entries and a big switch statement to dissect the data and call
answered 10 Mar '15, 05:44 grahamb
Thanks, I was more looking for something that gives me docs and API descriptions. For example, I would imagine that when I do a buf(pos, 1) it gives me an object, not a byte value, which means I can't really compare it to a hex value and have to use tostring. This article gave me an excellent starting point: https://delog.wordpress.com/2010/09/27/create-a-wireshark-dissector-in-lua/ The only problem I had with it was that I didn't know how to call a previous dissector (because using mine suddenly eliminated the data field).
Lua is another matter (I didn't spot the tag when I answered), and the Wireshark Lua Wiki page is your starting point for info.
Hopefully someone else (@Hadriel ?) will chime in about any possible IDEs for use with Lua and the Wireshark Lua API.
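
The two points raised in the comment above, as an added example that is not part of the original thread: reading a byte from the buffer as a number with `:uint()`, and handing the remaining bytes to the dissector that was registered before yours (falling back to the generic "data" dissector so the Data field still shows up). The protocol name `myproto`, UDP port 7777 and the type value 0x01 are assumptions made for illustration.

```lua
-- Added example; "myproto", port 7777 and the 0x01 type value are hypothetical.
local PORT = 7777

local myproto = Proto("myproto", "My Example Protocol")
local f_type  = ProtoField.uint8("myproto.type", "Type", base.HEX)
myproto.fields = { f_type }

-- Look up whatever was registered on the port BEFORE replacing it,
-- and keep the generic "data" dissector as a fallback.
local udp_table = DissectorTable.get("udp.port")
local previous  = udp_table:get_dissector(PORT)   -- nil if nothing was registered
local data_dis  = Dissector.get("data")

function myproto.dissector(buf, pinfo, tree)
    -- Reject empty payloads instead of reading past the end of the buffer.
    if buf:len() < 1 then return 0 end

    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(myproto, buf())

    -- buf(0, 1) is a TvbRange object; :uint() converts it to a Lua number
    -- that can be compared directly with a hex literal (no tostring needed).
    local msg_type = buf(0, 1):uint()
    subtree:add(f_type, buf(0, 1))

    -- Nothing after the type byte: done.
    if buf:len() == 1 then return 1 end

    -- Remaining bytes as a new Tvb for the next dissector.
    local payload = buf(1):tvb()

    if msg_type == 0x01 and previous then
        -- Hand the payload to the dissector that owned the port before us.
        previous:call(payload, pinfo, tree)
    else
        -- Generic fallback: shows the bytes under the usual "Data" item.
        data_dis:call(payload, pinfo, tree)
    end
    return buf:len()
end

-- Register last, so the lookup of the previous dissector above is not affected.
udp_table:add(PORT, myproto)
```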