Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2023-04-22 02:11:41 +0000

Guy Harris gravatar image

Is there a way to build a Windows Wireshark that would install my custom scripts/profile/rules automatically?

Wireshark installation packages (Windows installers, macOS drag-and-drop application bundles, Linux/*BSD/Solaris/etc. packages for various package managers) include "system" settings files:

  • Windows: stored in C:\Program Files\Wireshark (or wherever Wireshark is installed);
  • macOS: stored in /Applications/Wireshark.app/Contents/Resources/share/wireshark (or whoever Wireshark is installed);
  • other UN*Xes: stored in /usr/share/wireshark or /usr/local/share/wireshark or whatever the share directory corresponding to where Wireshark is installed is;

and "system" plugins:

  • Windows: stored in C:\Program Files\Wireshark\plugins (or wherever Wireshark is installed);
  • macOS: stored in /Applications/Wireshark.app/Contents/PlugIns/wireshark (or whoever Wireshark is installed);
  • other UN*Xes: stored in /usr/lib/wireshark/plugins or /usr/local/lib/share/wireshark (possibly with some instruction set-specific directory inserted under lib) or whatever the share directory corresponding to where Wireshark is installed is;

If you were to build a Wireshark installation that:

  • adds your new Lua dissector to the "system" plugins directory;
  • adds your coloring rules to the coloringrules file in the "system" settings files directory;
  • adds you profile to the profiles directory in the "system" settings files directory;

that would be an installer that would install your add-ons.

Unfortunately, we don't have a simple process for doing that; building an installer is done from Wireshark source, including building Wireshark itself from source.

Is there a way to build a Windows Wireshark that would install my custom scripts/profile/rules automatically?

Wireshark installation packages (Windows installers, macOS drag-and-drop application bundles, Linux/*BSD/Solaris/etc. packages for various package managers) include "system" settings files:

  • Windows: stored in C:\Program Files\Wireshark (or wherever Wireshark is installed);
  • macOS: stored in /Applications/Wireshark.app/Contents/Resources/share/wireshark (or whoever Wireshark is installed);
  • other UN*Xes: stored in /usr/share/wireshark or /usr/local/share/wireshark or whatever the share directory corresponding to where Wireshark is installed is;

and "system" plugins:

  • Windows: stored in C:\Program Files\Wireshark\plugins (or wherever Wireshark is installed);
  • macOS: stored in /Applications/Wireshark.app/Contents/PlugIns/wireshark (or whoever Wireshark is installed);
  • other UN*Xes: stored in /usr/lib/wireshark/plugins or /usr/local/lib/share/wireshark (possibly with some instruction set-specific directory inserted under lib) or whatever the share directory corresponding to where Wireshark is installed is;

If you were to build a Wireshark installation that:

  • adds your new Lua dissector to the "system" plugins directory;
  • adds your coloring rules to the coloringrules file in the "system" settings files directory;
  • adds you profile to the profiles directory in the "system" settings files directory;

that would be an installer that would install your add-ons.

Unfortunately, we don't have a simple process for doing that; building an installer is done from Wireshark source, including building Wireshark itself from source.

EDIT: there's also a dfilters system settings file to which you could add your display filter(s). There is, however, no mechanism to automatically apply that filter when a capture file is first opened (or a capture is started), but adding a button in the dfilter_buttons file, as Chuckc suggested, would make it easier to apply quickly.