I want to implement a protocol in Wireshark and decode its packets according to what is mentioned in the protocol specification. The protocol need not be a networking protocol. I will provide the data to decode in the form of a .csv file.
I have read the developer's guide on implementing a custom dissector on top of some other protocol like TCP/UDP etc. But here in my case it is completely different because, firstly, the protocol data comes from CSV and it will run independently, not on top of any other existing protocol.
Is it feasible to implement such customizations in Wireshark? How shall I proceed with the development? What modules do I need to change? My purpose for such an implementation is to analyze protocol data through Wireshark.
Looking for a reply. Thanks in advance :)
asked 17 Jan '12, 00:37
You can implement a dissector for a protocol that does not run on top of another; as Guy said in his comment, this would be a link-layer protocol. What you cannot do is feed your CSV file directly into Wireshark, as this is not a file format Wireshark currently understands. My guess is that this is the output of some other program that you are interested in reviewing. While it is possible to use Wireshark for this task, it will require some additional work. Since you will be doing some sort of additional work to display your data, I might recommend that you go another route to display your data (e.g. write a Python script that examines and displays your data, or a VB form to do the same).
Since your data files are almost certainly not in binary format (and certainly not one Wireshark already understands), using Wireshark will ultimately require converting your CSV files to another format first. One method of doing this that I have used in the past goes like this:
This strategy allows you to leverage Wireshark for much of the heavy lifting in terms of display, filtering, searching, and so on without having to write all of that yourself. What it requires is a little translation of your data from one format to another, and, more drastically, learning how to program for Wireshark. Once you get used to it, it is quite simple, but the learning curve can be a little steep at times.
answered 17 Jan '12, 07:04
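The conversion step the answer refers to, as an added example that is not from the original answer or from the Wireshark project: a Python script that turns each CSV row into one packet of a libpcap file whose link type is 147 (DLT_USER0, reserved for private protocols), so that a custom dissector can be bound to it from Wireshark's DLT_USER preferences. The CSV columns, the `[msg_id][len][payload]` framing and the sample rows are constructed assumptions for this illustration.

```python
import csv
import io
import struct
from decimal import Decimal

# Wireshark reads libpcap files natively. Link type 147 (DLT_USER0) is reserved for
# private protocols; the reader is assumed to attach a dissector to it in Wireshark.
LINKTYPE_USER0 = 147
PCAP_MAGIC = 0xA1B2C3D4  # magic for microsecond-resolution pcap files

# Constructed sample input: a hypothetical CSV export of a non-network protocol.
SAMPLE_CSV = """timestamp,msg_id,payload_hex
1326758400.000100,1,0102
1326758400.250000,2,deadbeef
1326758401.000000,1,ff
"""

def encode_record(msg_id: int, payload: bytes) -> bytes:
    """Frame one CSV row as [msg_id:u8][len:u16 big-endian][payload] (constructed framing)."""
    if not 0 <= msg_id <= 0xFF or len(payload) > 0xFFFF:
        raise ValueError("msg_id or payload length out of range")
    return struct.pack(">BH", msg_id, len(payload)) + payload

def csv_to_pcap(csv_text: str) -> bytes:
    """Return a complete pcap file: 24-byte global header, then one record per CSV row."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_USER0))
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = Decimal(row["timestamp"])          # Decimal keeps the microseconds exact
        sec = int(ts)
        usec = int((ts - sec) * 1_000_000)
        frame = encode_record(int(row["msg_id"]), bytes.fromhex(row["payload_hex"]))
        # per-packet header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return bytes(out)

def read_pcap(data: bytes):
    """Minimal reader to check the output: returns (linktype, [(sec, usec, frame), ...])."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    off, packets = 24, []
    while off < len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        packets.append((sec, usec, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets

if __name__ == "__main__":
    open("converted.pcap", "wb").write(csv_to_pcap(SAMPLE_CSV))
```

Opening `converted.pcap` in Wireshark shows three frames with link type USER0; the dissector written for that link type then decodes the constructed framing.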