0

How can I make my custom packet dissector distributable?

asked 2018-04-03 18:08:56 +0000


I built a custom packet dissector and I wanted to export it to others such that they don't have to rebuild their Wireshark from source. I looked up README.plugins and README.developers for it but couldn't figure out a way to do this.

Typically, the target people for this dissector are people working on Linux environments (I have also developed the dissector on Ubuntu), and most of them have installed Wireshark through sudo apt; therefore I want my plugin to be distributed as a simple binary or something which they can copy to their installations or maybe install on top of their current Wireshark installation.

edit: I wrote the dissector in C.


Comments

Making your custom packet dissector distributable depends on whether you wrote it in Lua or C. Lua is generally preferred for easy distribution, while C is better for performance and official inclusion in Wireshark.

jbs36 (2026-04-01 18:55:51 +0000)

4 Answers

0

answered 2018-04-03 21:48:35 +0000

Jaap

Have you ever looked in the About Wireshark dialog? There's a Folders tab which shows the folders the program uses. Of particular interest may be Personal Plugins. What happens if you drop your dissector.so file in there?


Comments

Hi @Jaap, your solution worked. Thanks a lot! Also, can you elaborate if there is a method to compile the packet dissector (given suitable required files) as a standalone instead of running "make -C plugins" from the Wireshark source? I also want to try the option of sending the source code of my dissector which the user can simply make on his machine.

djin31 (2018-04-06 18:38:34 +0000)
1

answered 2018-04-10 06:53:27 +0000

grahamb

You can contribute your dissector to the main Wireshark codebase and have it distributed on all supported platforms by the Wireshark project for free.

As a bonus, the dissector will be maintained by the Wireshark developers and you'll get your name added to the "Authors" list.

See the wiki page on Submitting Patches for guidance on how to contribute.

0

answered 2026-04-06 09:53:38 +0000

Guy Harris

> I wrote the dissector in C currently. Is there any way to distribute the C dissector?

Make up a package, such as a tarball and a zip archive (provide both to support both UN*Xes and Windows - some UN*Xes may have a zip command to build a zip archive), with the source code, any additional files, and a README file telling people how to build it.

Sadly, that's the only way to distribute a dissector and make it usable on multiple platforms. Each Linux distribution might have to be treated as a separate platform - as far as I know, the only guaranteed form of binary compatibility for Linux distributions is at the system call layer, not at the shared library API layer, unlike, for example, macOS, Solaris, and Windows.

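The source package described in the answer above could be assembled with a script like the following. This is an added example, not part of the original answer and not Wireshark tooling; the function name make_dist, its arguments, and the choice to refuse prebuilt binaries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: assemble the source package (tarball plus zip) for a dissector.
# make_dist and its arguments are hypothetical names, not Wireshark tooling.
# Usage: make_dist SRC_DIR NAME-VERSION OUT_DIR

make_dist() {
    src=$1; name=$2; out=$3

    [ -d "$src" ] || { echo "no such source dir: $src" >&2; return 2; }

    # The README tells recipients how to build the plugin; refuse without it.
    [ -f "$src/README" ] || { echo "missing $src/README" >&2; return 3; }

    # Assumption of this example: keep prebuilt binaries out of the source
    # package, since a .so or .dll is tied to the platform it was built on.
    stale=$(find "$src" -type f \( -name '*.so' -o -name '*.dll' -o -name '*.o' \) | head -n 1)
    [ -z "$stale" ] || { echo "build artifact in source tree: $stale" >&2; return 4; }

    mkdir -p "$out" || return 1
    out=$(cd "$out" && pwd) || return 1
    stage=$(mktemp -d) || return 1

    # Stage under NAME-VERSION/ so both archives unpack into one directory.
    mkdir "$stage/$name" && cp -R "$src"/. "$stage/$name"/ \
        || { rm -rf "$stage"; return 1; }

    # Tarball for UN*X users.
    ( cd "$stage" && tar -czf "$out/$name.tar.gz" "$name" ) \
        || { rm -rf "$stage"; return 1; }

    # Zip archive for Windows users, built only if a zip command exists here.
    if command -v zip >/dev/null 2>&1; then
        rm -f "$out/$name.zip"
        ( cd "$stage" && zip -qr "$out/$name.zip" "$name" ) \
            || { rm -rf "$stage"; return 1; }
    else
        echo "zip not found; built only $name.tar.gz" >&2
    fi
    rm -rf "$stage"
}
```
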
0

answered 2018-04-03 18:34:54 +0000

dbAtAffirmed

If you write your dissector as a Lua script then users can invoke it on the command-line (Linux, Windows, etc) using the -X argument. I use this myself for a few internal Lua scripts. It would then look something like:

wireshark -X lua_script:"pathToYourLuaScript"

Comments

I wrote the dissector in C currently. Is there any way to distribute the C dissector?

djin31 (2018-04-03 18:40:37 +0000)

Hello, I understand it may be a normal built-in dissector, not a plugin dissector. As most users of Wireshark are using Windows OS, has it been tested for a Windows OS version of Wireshark? Has a DLL been created already? I am interested in knowing about it. Thanks.

xinxolHH (2018-04-03 19:03:20 +0000)
