
Add input parameter to tshark/sharkd

asked 2020-04-26 06:14:00 +0000

yaroni

updated 2020-04-26 15:57:16 +0000

I want to add an input parameter to the tshark command line and to sharkd as JSON.

For example:

tshark -new_param_name=new_param_value

In sharkd it will be a new parameter in the JSON file.

I want to be able to use these new_param_name/new_param_value in dissector code (for example epan/dissectors/packet-gsm_map.c).

What is the correct way to add this parameter in the Wireshark code? Is there an include file with all global parameters, or a special struct defined for this purpose?

Answer: I found that this is the way to send the parameter from the command line:

tshark -o "gsm_sms.new_parameter_name: TRUE"

And in code, for example in the dissector packet-gsm_map.c:

prefs_register_bool_preference(gsm_sms_module, "new_parameter_name", "new parameter name", "new parameter description", &global_variable_definition);

My new question is: how do I add a parameter that is available by all dissectors? I want to pass tshark -o "new_parameter_name: TRUE" without the dissector so it can be used by different dissectors; it is relevant to different dissectors.


1 Answer


answered 2020-04-26 07:03:36 +0000

Jaap

The way to influence dissectors is to set up or add to the dissector preferences for that dissector. This exposes the setting to the command line as -o <name>:<value>, where name is the preference name, such as protocol.pref_name, and value is the value of the type of the preference.


Comments

Thank you for your answer

  1. So I don't need to add code in tshark.c?
  2. How do I refer to it in the dissector code?
  3. The preference I want to add is general, not specific to a special decoder.

yaroni (2020-04-26 07:07:39 +0000)

My new question is: how do I add a parameter that is available by all dissectors? I want to pass tshark -o "new_parameter_name: TRUE" without the dissector so it can be used by different dissectors; it is relevant to different dissectors.

yaroni (2020-04-26 15:57:36 +0000)

a parameter that is available by all dissectors?

I.e., this parameter will be relevant to every single dissector in Wireshark, and every single dissector that will ever be added to Wireshark? Or is it just relevant to a small set of dissectors?

Guy Harris (2020-04-28 18:16:36 +0000)

Multiple, not all dissectors. But I want the user to set only one parameter in the preferences, and not to set multiple parameters.

yaroni (2020-04-28 22:33:02 +0000)

What are the dissectors? Perhaps the best way to do it is to have a preference for one dissector and have other dissectors look at it.

Guy Harris (2020-04-28 23:35:52 +0000)

OK, how can I look at another dissector's preference? And is there a dissector name that is general (like application or general)? I want all dissectors that look at SMS messages.

yaroni (2020-04-29 20:23:36 +0000)

And is there a dissector name that is general (like application or general)? I want all dissectors that look at SMS messages.

Then you don't want a general preference, you want an SMS preference. Currently, there's no "SMS" dissector for all network types, but presumably there's something they all have in common if there could be a single preference to control them all. What would this preference do?

Guy Harris (2020-04-29 22:37:53 +0000)

I would like to change the SMS text to zero in the save as option in tshark.
1. So which preference should I use?
2. How do I read a preference from another dissector?

yaroni (2020-04-30 06:01:06 +0000)

What do you mean by "change the SMS text to zero in the save as option in TShark"?

Guy Harris (2020-04-30 09:36:49 +0000)

Thank you very much for your help.
This is not my question; my question is which preference should I use.

yaroni (2020-04-30 09:42:02 +0000)

I cannot make a good suggestion as to how to define the preference without understanding, in complete detail, what the preference is supposed to do.

Guy Harris (2020-04-30 17:07:11 +0000)

The purpose of the feature is to mask the bytes of the SMS text. I need to have as output a pcap with the SMS masked (0 instead of text).

yaroni (2020-04-30 17:26:52 +0000)

So, in the text output of TShark, such as you get with the "-V" flag, you want the text of an SMS message "censored"?

Or do you mean that you want TShark to be able to write binary capture files with the text of the message replaced by zeroed bytes?

Guy Harris (2020-04-30 22:00:59 +0000)

I want to have a new pcap with the SMS censored. I don't want to have text output.

yaroni (2020-05-03 06:17:37 +0000)
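
The goal the thread arrives at, a new pcap in which the SMS text bytes are replaced by zeros, sketched as an added example that is not part of the thread or of Wireshark's code. It assumes a classic (microsecond) pcap file and that the caller already knows where the text sits in each frame; `mask_pcap`, `build_sample_pcap` and the sample frame are constructed for illustration.

```python
import struct

# Classic pcap magic as it appears on disk -> struct byte-order prefix.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def mask_pcap(data, ranges):
    """Return a copy of a classic pcap with selected byte ranges zeroed.

    ranges maps a 1-based frame number to a list of (offset, length)
    pairs inside that frame's captured bytes (assumed known by the caller).
    """
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    out = bytearray(data[:24])            # global header is copied unchanged
    pos, frame = 24, 0
    while pos < len(data):
        rec_hdr = data[pos:pos + 16]
        if len(rec_hdr) != 16:
            raise ValueError("truncated record header")
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec_hdr)
        payload = bytearray(data[pos + 16:pos + 16 + incl_len])
        if len(payload) != incl_len:
            raise ValueError("truncated packet data")
        frame += 1
        for offset, length in ranges.get(frame, []):
            if offset < 0 or length < 0 or offset + length > incl_len:
                raise ValueError(f"range outside frame {frame}")
            # Zero in place so incl_len/orig_len and timestamps stay valid.
            payload[offset:offset + length] = bytes(length)
        out += rec_hdr + payload
        pos += 16 + incl_len
    return bytes(out)

def build_sample_pcap():
    """Constructed one-frame capture; the frame is a stand-in, not real GSM MAP."""
    frame = b"HDR-" + b"secret sms text" + b"-END"
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 1588000000, 0, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    masked = mask_pcap(build_sample_pcap(), {1: [(4, 15)]})
    print(masked[40:])                    # frame bytes after masking
```

Zeroing in place keeps every length field in the file valid, but any checksum that covers the masked bytes will no longer match the data.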
