Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

First some background on the kind of plugin interfaces Wireshark provides. The most well known is the dissector plugin API. It allows code to be added to the dissection engine, so that it can dissect additional protocols. Besides this there are the capture file plugin API, which allows additional capture file types to be read, the codec plugin API, which allows additional audio codecs to be handled in RTP analysis and a extcap plugin API, which allows interaction with additional types of capture interfaces. All these API's are available through C binding, although the dissection engine also has a Lua interface.

As you see this all has little or nothing to do with GUI interaction. Sure the output data of these plugins are used in the GUI, but the same plugins work from the command line as well (by means of tshark). So the feature you're describing is not feasible through a plugin interface, but would have to be coded into the Qt interface code. This would involve getting to know how packet dissections are shown in the GUI, how they are shown in their own window and see how to extend upon that to a dissection diff feature. It won't be simple, but it is a feasible enhancement.