
How can I make my custom packet dissector distributable?

asked 2018-04-03 18:08:56 +0000


I built a custom packet dissector and I wanted to export it to others such that they don't have to rebuild their Wireshark from source. I looked up README.plugins and README.developers for it but couldn't figure out a way to do this.

Typically, the target people for this dissector are people working on Linux environments (I have also developed the dissector on Ubuntu), and most of them have installed Wireshark through sudo apt. Therefore, I want my plugin to be distributed as a simple binary or something which they can copy to their installations or maybe install on top of their current Wireshark installation.

edit: I wrote the dissector in C.


3 Answers

0

answered 2018-04-03 21:48:35 +0000

Jaap

Have you ever looked in the About Wireshark dialog? There's a Folders tab which shows the folders the program uses. Of particular interest may be Personal Plugins. What happens if you drop your dissector.so file in there?


Comments

Hi @Jaap, your solution worked. Thanks a lot! Also, can you elaborate if there is a method to compile the packet dissector (given suitable required files) as a standalone instead of running "make -C plugins" from the Wireshark source? I also want to try the option of sending the source code of my dissector, which the user can simply make on his machine.

djin31 (2018-04-06 18:38:34 +0000)
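
For the approach in the answer above (copying dissector.so into the Personal Plugins folder), a recipient may want to check the binary before Wireshark loads it as native code. The shell function below is an added example, not part of the thread or of the Wireshark project; the function name, the separately published SHA-256 digest and the use of GNU coreutils are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check a distributed dissector binary
# before copying it into Wireshark's Personal Plugins folder.
# Assumptions: GNU coreutils; the author publishes a SHA-256 digest separately.
# usage: install_dissector <plugin.so> <expected-sha256> <personal-plugins-dir>
# <personal-plugins-dir> is the path shown in About Wireshark > Folders.

install_dissector() {
    so=$1; want=$2; dest=$3

    # Only accept a regular file, not a symlink to something else.
    if [ ! -f "$so" ] || [ -L "$so" ]; then
        echo "not a regular file: $so" >&2; return 2
    fi

    # The digest must match the one published by the dissector's author.
    got=$(sha256sum "$so" | cut -d' ' -f1)
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    if [ "$got" != "$want" ]; then
        echo "SHA-256 mismatch: $so" >&2; return 3
    fi

    # A C plugin on Linux is an ELF shared object; check the magic bytes.
    magic=$(head -c 4 "$so" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" != "7f454c46" ]; then
        echo "not an ELF file: $so" >&2; return 4
    fi

    # Wireshark loads every plugin in this folder, so it must not be
    # writable by group or others.
    mkdir -p "$dest" || return 5
    case $(stat -c '%A' "$dest") in
        ?????w*|????????w*)
            echo "plugin folder is group/world-writable: $dest" >&2; return 6 ;;
    esac

    # Mode 0644: readable by all, writable only by the owner.
    install -m 0644 "$so" "$dest/$(basename "$so")"
}

# Run directly: sh install_dissector.sh dissector.so <sha256> <folder>
if [ "$#" -eq 3 ]; then
    install_dissector "$@"
fi
```
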
0

answered 2018-04-03 18:34:54 +0000

dbAtAffirmed

If you write your dissector as a Lua script then users can invoke it on the command line (Linux, Windows, etc.) using the -X argument. I use this myself for a few internal Lua scripts. It would then look something like:

wireshark -X lua_script:"pathToYourLuaScript"

Comments

I wrote the dissector in C currently. Is there any way to distribute the C dissector?

djin31 (2018-04-03 18:40:37 +0000)

Hello, I understand it may be a normal built-in dissector, not a plugin dissector. As most users of Wireshark are using Windows OS, has it been tested for a Windows OS version of Wireshark? Has a DLL been created already? I am interested in knowing about it. Thanks.

xinxolHH (2018-04-03 19:03:20 +0000)
1

answered 2018-04-10 06:53:27 +0000

grahamb

You can contribute your dissector to the main Wireshark codebase and have it distributed on all supported platforms by the Wireshark project for free.

As a bonus, the dissector will be maintained by the Wireshark developers and you'll get your name added to the "Authors" list.

See the wiki page on Submitting Patches for guidance on how to contribute.



Stats

Asked: 2018-04-03 18:08:56 +0000

Seen: 1,498 times

Last updated: Apr 10 '18