Basically it depends on what you're intending to do with the dissector.
If you're keeping it private, within a company you may want to just run the stable release version.
If you're going to submit the dissector back to the Wireshark project, then as per the Wireshark Development Submitting Patches wiki page, you should base your change off master (i.e. development). Bug fixes only can be backported to the stable versions, a new dissector will only be in the development version until that's released (see the LifeCycle wiki page for more notes about releases and backports) .
Thank you for the quick response. This will be for troubleshooting equipment that uses Ethernet to communicate between the devices on a closed network. It is a locally developed protocol and would be of no value to anyone else. For that reason it will remain private.
Then it's up to you. If you're likely to want to maintain it in future and use with newer Wireshark versions, then probably best to start with the dev sources. The drawback of the dev sources is that things change rapidly, sometimes lots of changes in a short time so if you're tracking against master you might have more rework to do. Having said that the API that a dissector uses seems fairly stable at the moment.
My own 2 cents: For internal dissectors that I maintain, I stick with the latest stable release, and then migrate to the next stable release whenever it comes out, usually once per year. There usually aren't that many changes that need to be made when migrating, and by sticking with the latest stable release, I avoid any changes occurring in development that may or possibly may not make it into the next stable release.
Asked: 2018-10-17 12:15:54 +0000
Seen: 449 times
Last updated: Oct 17 '18
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
