Ask Your Question
0

Dissector doesn't do anything

asked 2018-12-20 16:45:42 +0000

JCAMP gravatar image

I've followed the instructions in this video from SharkFest Wireshark Developer and User Conference: https://www.youtube.com/watch?v=biNdE... about making a dissector for TCP traffic. However, once I've built the dissector (In C) and put the .c file into /usr/local/include/wireshark/epan/dissectors and run wireshark, all TCP traffic on the specified FOO_PORT still shows as TCP, and not FOO, and it isn't dissected. Has anybody else followed this video (the last 15 minutes is the C part) and come across this?

edit retag flag offensive close merge delete

Comments

I realize that this is an old thread but I'm having a similar problem, the only difference is my "FOO_PORT still shows as" UDP.

Disclaimer, I'm relatively new to wireshark and my C/C++ is rusty.

I've compiled the demo dissector plugin proto_foo, verbatim from the documentation.

In debug mode I hit break points in proto_register_foo and proto_reg_handoff_foo.

When I send messages to FOO_PORT I don't break in dissect_foo. I do break in dissect_udp.

Any suggestions with where I might of gone wrong or a step that I'm missing?

Thx

RickC gravatar imageRickC ( 2020-08-06 21:53:03 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-12-20 16:59:32 +0000

grahamb gravatar image

As I did that presentation I can say, yes I did!

Looking back at the slide deck, slide 18 (C dissector installation) has some incorrect instructions.

You will need to add the dissector to CMakeLists.txt (as is done for every other built-in dissector) in the epan/dissectors directory under the set(DISSECTOR_SRC ... block. Re-run CMake and then rebuild. Ignore the mention of Makefile.common.

edit flag offensive delete link more

Comments

The perfect person to answer then! I don't seem to have the CMakeLists.txt file in the epan/dissectors directory. Can I write my own/ download one from somewhere for Wireshark 2.6?

JCAMP gravatar imageJCAMP ( 2018-12-20 17:17:44 +0000 )edit

Something is up with your source tree as you should have that file, how did you get your sources, a git checkout (preferred) or a tarball? The file from our git repo is here (tip of master-2.6).

grahamb gravatar imagegrahamb ( 2018-12-20 17:44:34 +0000 )edit

A tarball. All of the files in that directory are .h files, is that normal? Thank you very much for the link.

JCAMP gravatar imageJCAMP ( 2018-12-20 20:26:07 +0000 )edit

What tarball, where did you get it from?

Jaap gravatar imageJaap ( 2018-12-20 23:27:18 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-12-20 16:45:42 +0000

Seen: 681 times

Last updated: Dec 20 '18

Related questions

Proprietary CAN dissector - dissector is never called

"global" tcp stream variables for a dissector.

Is it possible to disable all TCP expert information in tshark when outputting JSON?

how to get SDP information from the Lua

how to invert two bytes in lua script dissector ?

Why there is port mismatch in tcp and http header for port 51006. Also why the netstat in server do not shows connections under port 51006 even traffic is coming to this port.

How do I get and display packet data information at a specific byte from the first byte?

Client is waiting for FIN flag from server for 30 sec

why protocol is not showing as HTTP even though we sent http request ?

Adjusting Bit order and Endianess in LUA between Dissectors