Is there a way to build a Windows Wireshark that would install my custom scripts/profile/rules automatically?
Wireshark installation packages (Windows installers, macOS drag-and-drop application bundles, Linux/*BSD/Solaris/etc. packages for various package managers) include "system" settings files:
- Windows: stored in
C:\Program Files\Wireshark (or wherever Wireshark is installed); - macOS: stored in
/Applications/Wireshark.app/Contents/Resources/share/wireshark (or whoever Wireshark is installed); - other UN*Xes: stored in
/usr/share/wireshark or /usr/local/share/wireshark or whatever the share directory corresponding to where Wireshark is installed is;
and "system" plugins:
- Windows: stored in
C:\Program Files\Wireshark\plugins (or wherever Wireshark is installed); - macOS: stored in
/Applications/Wireshark.app/Contents/PlugIns/wireshark (or whoever Wireshark is installed); - other UN*Xes: stored in
/usr/lib/wireshark/plugins or /usr/local/lib/share/wireshark (possibly with some instruction set-specific directory inserted under lib) or whatever the share directory corresponding to where Wireshark is installed is;
If you were to build a Wireshark installation that:
- adds your new Lua dissector to the "system" plugins directory;
- adds your coloring rules to the
coloringrules file in the "system" settings files directory; - adds you profile to the
profiles directory in the "system" settings files directory;
that would be an installer that would install your add-ons.
Unfortunately, we don't have a simple process for doing that; building an installer is done from Wireshark source, including building Wireshark itself from source.
EDIT: there's also a dfilters system settings file to which you could add your display filter(s). There is, however, no mechanism to automatically apply that filter when a capture file is first opened (or a capture is started), but adding a button in the dfilter_buttons file, as Chuckc suggested, would make it easier to apply quickly.
When you say "build" do you mean create a Windows Wireshark Installer?
Yes. I want my team (that is not familiar with Wireshark) to be able to install Wireshark and not to worry about copying profile files nor lua scripts/coloring rules. It would just install it where it needs to be once. I found NSIS but haven't use it.
"internal protocol" may not allow it, but if you could Contribute Your Changes they would then be included and maintained with the standard installer.
I'm not sure if there is a standard way to do this so these are just my $.02.
Add a custom section to wireshark.nsi. This gives the user the option of not including (installer check box) and makes clear in the install process that some custom stuff is being added.
Or repurpose
custom_plugins.txtthat is described in doc/README.plugins.Then any updates to
wireshark.nsiwon't wallop your changes.Great. I'll check if we are allowed to Contribute and otherwise will check your .nsi way. Thanks a lot!
Would adding a Display Filter Button to the dfilter_buttons file come close to starting with a display filter?