Dissector plugin dissector_add clarification
I am trying to write my very first dissector plugin, and I'm unsure about the first parameter of dissector_add_uint. The function is referenced in both the Wireshark Developer’s Guide and the packet-PROTOABBREV.c / README.dissector files. However, I'm not sure how to know what to choose for the first parameter (given in examples as "udp.port" and "tcp.port"). I am writing a dissector for a protocol that is not related to a standard protocol. Wireshark will receive that packet data either from a file or the computer's USB port via UART/USB serial. Any additional information about how to know what goes in this parameter is welcome. Thank you for your help.
Here is the function:
dissector_add_uint( "udp.port", FOO_port, foo_handle );
From what type of file? Is it a type of file already readable by Wireshark, or is this a new type of file?
So do you mean that you'll be capturing on the USB port, on a platform where Wireshark can capture incoming and outgoing USB traffic, and want to decode USB serial traffic, or do you mean that you will either be modifying libpcap/WinPcap to read from some USB serial device or making an extcap program to read from that USB serial device, so that it'll be reading a capture file written by dumpcap or the extcap program?
Most likely, it will be a .txt file with binary data. However, that could probably be changed if necessary.
We will be capturing data using a Teensy microcontroller. Then, that data will either be sent to a text file that will later be read by Wireshark or I will modify the Nordic nrfSniffer (extcap plugin) to allow Wireshark to directly interface with the Teensy through the USB port.
Actually, per https://osqa-ask.wireshark.org/questi..., it looks like the file will need to be a .txt file with a hexdump to keep the .txt format (which I think would be most simple for the sniffer (the microcontroller)).
Currently, the plan is to initially set up Wireshark to read from a file. Then, after that is working, attempt to get Wireshark to interface directly with the microcontroller (via modifications to the Nordic nrfSniffer).
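For the file-based plan discussed above, here is an added example (not code from this thread or from Wireshark) of writing one captured frame as hexdump text in the `od -Ax -tx1 -v` layout that text2pcap and Wireshark's "Import from Hex Dump" accept. It assumes that this is the hexdump form meant; `frame_to_hexdump` and the sample frame are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Format one captured frame as a hex dump: a 6-digit hex offset, then up
 * to 16 space-separated bytes per line. Every frame restarts at offset
 * 000000, which is what marks the start of a new packet for the importer.
 * Returns the number of characters written (excluding the NUL), or -1 if
 * the arguments are invalid or `out` is too small.
 * Hypothetical helper, not a Wireshark API. */
int frame_to_hexdump(const uint8_t *frame, size_t len, char *out, size_t out_size)
{
    size_t used = 0;

    if (out == NULL || out_size == 0 || (frame == NULL && len > 0))
        return -1;
    if (len > 0xffffffu)            /* offset would no longer fit 6 digits */
        return -1;
    out[0] = '\0';

    for (size_t off = 0; off < len; off += 16) {
        size_t n = (len - off < 16) ? len - off : 16;
        /* One line needs: 6 (offset) + 3 per byte + newline + NUL. */
        if (out_size - used < 6 + n * 3 + 2)
            return -1;
        used += (size_t)snprintf(out + used, out_size - used, "%06x", (unsigned)off);
        for (size_t i = 0; i < n; i++)
            used += (size_t)snprintf(out + used, out_size - used, " %02x",
                                     (unsigned)frame[off + i]);
        out[used++] = '\n';
        out[used] = '\0';
    }
    return (int)used;
}

int main(void)
{
    /* Constructed 20-byte sample frame, not real capture data. */
    uint8_t frame[20];
    char text[128];

    for (size_t i = 0; i < sizeof frame; i++)
        frame[i] = (uint8_t)(0xa0 + i);
    if (frame_to_hexdump(frame, sizeof frame, text, sizeof text) < 0)
        return 1;
    fputs(text, stdout);
    return 0;
}
```

Frames written back to back this way form one text file; each line starting at offset 000000 begins the next packet.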