Ask Your Question
0

Dissector doesn't do anything

asked 2018-12-20 16:45:42 +0000

JCAMP gravatar image

I've followed the instructions in this video from SharkFest Wireshark Developer and User Conference: https://www.youtube.com/watch?v=biNdE... about making a dissector for TCP traffic. However, once I've built the dissector (In C) and put the .c file into /usr/local/include/wireshark/epan/dissectors and run wireshark, all TCP traffic on the specified FOO_PORT still shows as TCP, and not FOO, and it isn't dissected. Has anybody else followed this video (the last 15 minutes is the C part) and come across this?

edit retag flag offensive close merge delete

Comments

I realize that this is an old thread but I'm having a similar problem, the only difference is my "FOO_PORT still shows as" UDP.

Disclaimer, I'm relatively new to wireshark and my C/C++ is rusty.

I've compiled the demo dissector plugin proto_foo, verbatim from the documentation.

In debug mode I hit break points in proto_register_foo and proto_reg_handoff_foo.

When I send messages to FOO_PORT I don't break in dissect_foo. I do break in dissect_udp.

Any suggestions with where I might of gone wrong or a step that I'm missing?

Thx

RickC gravatar imageRickC ( 2020-08-06 21:53:03 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-12-20 16:59:32 +0000

grahamb gravatar image

As I did that presentation I can say, yes I did!

Looking back at the slide deck, slide 18 (C dissector installation) has some incorrect instructions.

You will need to add the dissector to CMakeLists.txt (as is done for every other built-in dissector) in the epan/dissectors directory under the set(DISSECTOR_SRC ... block. Re-run CMake and then rebuild. Ignore the mention of Makefile.common.

edit flag offensive delete link more

Comments

The perfect person to answer then! I don't seem to have the CMakeLists.txt file in the epan/dissectors directory. Can I write my own/ download one from somewhere for Wireshark 2.6?

JCAMP gravatar imageJCAMP ( 2018-12-20 17:17:44 +0000 )edit

Something is up with your source tree as you should have that file, how did you get your sources, a git checkout (preferred) or a tarball? The file from our git repo is here (tip of master-2.6).

grahamb gravatar imagegrahamb ( 2018-12-20 17:44:34 +0000 )edit

A tarball. All of the files in that directory are .h files, is that normal? Thank you very much for the link.

JCAMP gravatar imageJCAMP ( 2018-12-20 20:26:07 +0000 )edit

What tarball, where did you get it from?

Jaap gravatar imageJaap ( 2018-12-20 23:27:18 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-12-20 16:45:42 +0000

Seen: 692 times

Last updated: Dec 20 '18