Protecting a proprietary protocol

asked 2019-09-23 12:56:15 +0000

MarkasSPA

updated 2019-09-23 12:58:00 +0000

Hello, we have a customer we would like to build a dissector for. But their protocol is proprietary and they would like to protect any code that does the dissecting. I know of three options for dissecting: Lua script, C code plugin, or something someone has made like the Wireshark Generic Dissector:

I know Wireshark is covered by GPL2 and any code that touches it needs to be open and distributed. The Lua script would be readable as to the dissecting.

Is there a way to do something like pipe raw data to an external dissector binary (such that the GPL does not apply) and pipe the dissected data back to Wireshark for display?

Thanks in advance.

2 Answers

answered 2019-09-23 18:49:23 +0000

Guy Harris

GPL2 does not require you, or the customer, to make either the source code to the dissector or the executable code of the dissector publicly available.

It does, however:

  1. require that anybody who has either the source or executable code be allowed to redistribute it, either as-is or modified, to anybody they wish;
  2. require that, if you have provided somebody with the executable code, you make the source code available to them.

At least as I understand it, if, for example, the customer will only be using their dissector in-house, they can keep it in-house (the customer is the recipient of the dissector, not individual employees of the customer).

If, however, the customer wants to provide the dissector to their customers, they have to let the customer give the dissector away, in both source and executable form.

Thank you, Guy

MarkasSPA ( 2019-09-24 13:58:56 +0000 )

answered 2019-09-23 15:14:55 +0000

Jaap

You can get capture data into Wireshark through an extcap interface and you can use the dissection engine output from tshark or sharkd. Apart from that there's no pipe interface onto the dissection engine itself to make such a thing possible. This would be non-trivial alone from the amount of state kept by the dissection engine.

Thanks, Jaap. Knew about the extcap interface (we pipe data in now), but was hoping for some sort of bidirectional pipe that could externalize the decoding. Or maybe send decoded data/text to a Wireshark dialog box for display? Trying not to build a separate GUI. -Mark

MarkasSPA ( 2019-09-24 14:02:04 +0000 )

Asked: 2019-09-23 12:56:15 +0000

Seen: 350 times

Last updated: Sep 23 '19