This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark dissector on Windows 10: how to debug and how to send a TCP packet to myself

Hi, after building my solution with Visual Studio 2013, I have 3 questions:

  1. I'd like to know how to debug my code: I'm not able via Visual Studio.
  2. How can I send to myself a TCP packet (with a specific port) in order to activate and debug my own dissector? I'm working on Windows.
  3. I don't want to select a specific port on my dissector, I'd like to call my dissector for every port.

asked 09 Jun '16, 13:53

kenhero

edited 09 Jun '16, 14:50

Jaap ♦


One Answer:

Hopefully you're using a CMake build which generates a Visual Studio solution (Wireshark.sln) that you can open in VS. If you're still using nmake, stop now and change to CMake. Have you looked at the (sparse) debugging section in the developer's guide? Basically, it's standard Visual Studio debugging, nothing special for Wireshark.

For item 2, use any programming or scripting language or tool you have handy to open a TCP connection and send your required packet. For example, here's a recipe using PowerShell. Google is your friend here.

For item 3, this requires a heuristic dissector, see doc\README.heuristic in the sources for more info.

answered 10 Jun '16, 02:26

grahamb ♦

Hi Grahamb,

On MSVS 2013, if I start with Debug -> Start Debugging, this window appears

alt text

After clicking on "yes", the second window appears and blocks me.

alt text

Could you briefly explain to me what it means and how to solve it? Btw, I used:

1) cmake -DENABLE_CHM_GUIDES=on -G "Visual Studio 12 Win64" ..\wireshark

2) msbuild /m /p:Configuration=Debug Wireshark.sln

(10 Jun '16, 02:58) kenhero

For point 2), you may prefer to draw your packet (or several packets) in hexadecimal, using a text editor, and use Wireshark's File -> Import from Hex Dump capability. This way you can create any packet contents you like (including some malformed ones to check your dissector's handling of non-standard packets) and you don't need any additional software. You may use existing packets as a base, using Copy -> ... as Hex Dump from the context menu (right click) on the Frame line in the packet dissection pane first, pasting the result into the text editor, and editing the part of the packets which represents your protocol to be dissected.

(10 Jun '16, 03:36) sindy
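The hex-dump approach described in the comment above can also be scripted. The following is an added example, not code from anyone in this thread: it builds a complete Ethernet/IPv4/TCP frame with valid checksums and prints it as offset-plus-hex-bytes text for File -> Import from Hex Dump. The addresses, ports and payload are constructed placeholders for a hypothetical protocol.

```python
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(payload: bytes, dport: int, sport: int = 50000) -> bytes:
    """Ethernet + IPv4 + TCP (PSH, ACK) frame carrying payload to dport."""
    # Constructed addresses: TEST-NET-1 IPs and locally administered MACs.
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    # TCP header: seq=1, ack=1, data offset 5 words, flags PSH|ACK, window 8192.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    # IPv4 header: version 4, IHL 5, id 1, no fragmentation, TTL 64, protocol 6 (TCP).
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH", 0x45, 0, total_len, 1, 0, 64, 6, 0) + src + dst
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return eth + ip + tcp + payload


def to_hex_dump(frame: bytes) -> str:
    """One line per 16 bytes: hex offset, then space-separated hex bytes."""
    lines = []
    for off in range(0, len(frame), 16):
        chunk = frame[off:off + 16]
        lines.append("%06x  %s" % (off, " ".join("%02x" % b for b in chunk)))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed 7-byte payload for a hypothetical protocol on TCP port 12345.
    sample = bytes.fromhex("01020003414243")
    print(to_hex_dump(build_frame(sample, 12345)), end="")
```

Redirect the output to a text file and import it with Ethernet encapsulation. If you edit bytes by hand afterwards, the IP and TCP checksums no longer match, so regenerate the dump when you want checksum-clean test packets.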

The out of date issue is due to some (unknown to me) discrepancy between an msbuild and a VS build, possibly due to timestamps. You can either ignore the error or rebuild the solution in Visual Studio.

The unable to start program issue is because you haven't set Wireshark to be the "start-up project" to run when debugging. Right-click the "Wireshark" node in the project tree and click "Set as StartUp Project".

(10 Jun '16, 03:42) grahamb ♦