How to choose between writing a plugin or built-in dissector?

It appears that in either situation I have to rebuild the source. So what's the advantage to writing my dissector as a plugin? Is there a way to build a dissector so that I only have to give my end-user the dissector w/o a modified Wireshark executable? Would my dissector be usable only with one version of Wireshark? I am working in an air-gapped environment with no access to the net.