Ask Your Question
0

Is it possible to create a dissector for Wireshark in C in Visual Studio 2019 IDE and add it to the wireshark source code?

asked 2019-05-02 14:40:10 +0000

stbimudd gravatar image

updated 2019-05-02 15:28:49 +0000

grahamb gravatar image
  1. I want to read data from COM port directly into Wireshark.
  2. Is it possible to use Visual Studio 2019 for creating the dissector?
  3. Also,how to add .exe as a plugin?
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-05-02 15:31:12 +0000

grahamb gravatar image

updated 2019-05-02 17:07:48 +0000

Jaap gravatar image

As this is a Q&A site, this should really be 3 separate questions, but I'll answer them all here for brevity.

  1. You'll need to use an external utility for that. See extcap.
  2. Yes, although the current 3.0.x releases are built with VS 2017.
  3. Plugins are DLL's.
edit flag offensive delete link more

Comments

Usbcap is added as .exe in extcap. I have a custom .exe file to capture serial data. Can I know the procedure to add .exe in extcap like usbcap.

stbimudd gravatar imagestbimudd ( 2019-05-04 13:32:57 +0000 )edit

Extcap utilities only provide an extended capture mechanism for Wireshark. They do not dissect the data, that is the work of a built-in or plugin or even a Lua dissector. Usbcap is not an an extcap interface, it's not integrated with Wireshark. USB traffic (on Windows) is captured by USBPcapCMD either to a file that is subsequently opened by Wireshark or by piping its output to Wireshark.

Extcap interfaces are discussed at the link in the answer.

grahamb gravatar imagegrahamb ( 2019-05-05 16:41:29 +0000 )edit

I have my own extcapture which captures the serial port data that should be subsequently opened by wireshark in a similar way to USBPcapCMD. How do i proceed with this ?

stbimudd gravatar imagestbimudd ( 2019-05-06 10:18:16 +0000 )edit

In that case you should arrange your capture utility to output pcapng format data, either to a file or to standard output, either of which can be subsequently read by Wireshark.

grahamb gravatar imagegrahamb ( 2019-05-06 11:59:30 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-05-02 14:40:10 +0000

Seen: 81 times

Last updated: May 02