This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

code for decoding

0	can anybody paste a sample c++ or c code to decode the data captured from wireshark ?? dissector source-code asked 26 May '11, 23:42 sagu072 35●23●24●28 accept rate: 0% retagged 27 May '11, 20:43 helloworld 3.1k●4●20●41

3 Answers:

1	the source-code for wireshark or tshark is freely available sample code that does exactly what you want. answered 27 May '11, 00:21 martyvis 891●1●5●25 accept rate: 7% edited 27 May '11, 00:21

0	This is the tutorial I used to learn libpcap capture, parse. Save Wireshark data as pcap and parse it with this code. http://yuba.stanford.edu/~casado/pcap/section1.html answered 27 May '11, 00:23 jakan 1●1●1●2 accept rate: 0% edited 27 May '11, 00:23

There are several resources that show you how to write your own Wireshark dissector. The difficulty level depends on the chosen language. I prefer Lua because it's easier to work with (other than debugging for which I rely on print-outs to the console), Lua doesn't require installing a bunch of packages to setup a build environment; Lua just needs a Wireshark installation.

Writing a dissector in C:

Development wiki page describes how to setup your environment
README.developer (I don't know why that's only in a simple text file)
Adding a Basic Dissector
Wireshark source code for dissectors

Writing a dissector in Lua:

answered 27 May '11, 20:42

helloworld
3.1k●4●20●41
accept rate: 28%

edited 27 May '11, 20:45