HI,

I have written few lines of code to dissect tcp options ( ORBITAL_META_OPTION 0x18 Citrix-BR add this option) and it is working perfectly.

I modified packet-tcp.c (wireshark\epan\dissectors\packet-tcp.c)

  • first i added required information in static const ip_tcp_opt tcpopts[] and static hf_register_info hf[]
  • then my own dissector function to dissect ORBITAL_META_OPTION ( 0x18)

But the problem is, if someone want to see these feature he has to use my Wireshark ( compiled by me ).

Now my manager suggested me to write a separate dissector and then DLL ( because DLL can be distributed easily).

Now my final aim is to make a DLL. How should i do ???

Regards,

asked 29 Aug '11, 23:32

Vikas's gravatar image

Vikas
1223
accept rate: 0%

edited 30 Aug '11, 12:57

helloworld's gravatar image

helloworld
2.8k21940

Distributing a DLL is easier than a customized Wireshark build, but maintaining a DLL release could be somewhat painful. DLLs must be compiled against a specific Wireshark version. So, a DLL for 1.4.6 won't necessarily run on 1.6.1 (or vice versa), and this version mismatch can cause Wireshark to fail. Every time Wireshark releases a new version, you have to recompile your DLL to ensure compatibility.

Consider writing a dissector with the Wireshark Lua API, which does not have this problem.

(30 Aug '11, 12:56) helloworld

packet-tcp is a built in dissector and can't be replaced with a DLL.

To get your changes included in Wireshark for general distribution see the Developers Guide section 3.9.2 HERE which basically asks you to raise an enhancement request on Bugzilla and attach your changes as a patch for review.

link

answered 30 Aug '11, 00:36

grahamb's gravatar image

grahamb ♦
8.7k224125
accept rate: 17%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×374
×336
×120

Asked: 29 Aug '11, 23:32

Seen: 1,502 times

Last updated: 30 Aug '11, 12:57

powered by OSQA