With 2.3.0 version, I am creating a new in-built dissector as listed below. I have updated the epan/dissectors/CMakeLists and added my file that contains the dissector, packet-probe.c

I have run cmake and msbuild and built my Wireshark version. However, I don't see my dissector when I run my Wireshark version.

Could you please let me know if there are any other makefile or registry files that I need to update?

void
proto_register_pb(void)
{
...
  /* Register the protocol, its header fields and its subtrees. */
  proto_probe = proto_register_protocol("Probe", "PROBE", "probe");
  proto_register_field_array(proto_probe, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
}

void
proto_reg_handoff_probe(void)
{
  dissector_handle_t probe_handle;
  ip_handle = find_dissector("ip");
  rsvp_handle = find_dissector("rsvp");
  /* Hand UDP traffic on UDP_PORT_PROBE to dissect_probe(). */
  probe_handle = create_dissector_handle(dissect_probe, proto_probe);
  dissector_add_uint("udp.port", UDP_PORT_PROBE, probe_handle);
}

static void
dissect_probe(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  col_set_str(pinfo->cinfo, COL_PROTOCOL, "PROBE");
  if (tree) {
    ...
  }
  ...
}

Regards

Sanj

asked 16 Mar, 09:22

Sanj123

edited 16 Mar, 09:38

grahamb ♦

Does your protocol show up under the menu item Analyze -> Enabled Protocols?

(16 Mar, 09:39) grahamb ♦

No, I am not seeing my "probe" protocol under the Analyze->Enable Protocols menu.

(16 Mar, 09:53) Sanj123

If your code is in the order shown in your excerpt, i.e. dissect_probe() defined after it's used in proto_reg_handoff_probe() then I suspect it isn't being compiled which would point to a CMake problem.

Presumably you added your dissector to the DISSECTOR_SRC item in epan/dissectors/CMakeLists.txt?

Try opening the solution in Visual Studio and checking if your source file is shown in the Solution Explorer under Libs\epan\dissectors\dissectors\dissectors.

(16 Mar, 10:05) grahamb ♦

dissect_probe() is the 1st and proto_reg_handoff_probe() is the last call in the file. Sorry about the order listed in the example.

I had added the packet-probe.c file to set(DISSECTOR_SRC...). I am trying to figure out how to look up the file in Solution Explorer.

(16 Mar, 10:28) Sanj123

If the order is the correct way around it may well be compiled.

In your build directory do you see packet-probe.obj under epan\dissectors\dissectors.dir\RelWithDebInfo?

(16 Mar, 10:48) grahamb ♦

Yes, I do see the packet-prob.obj under Development/wsbuild64\epan\dissectors\dissectors.dir\RelWithDebInfo

(16 Mar, 10:55) Sanj123

It's compiled then.

Are you certain you're running the Wireshark you've just built, i.e. from your build directory run\RelWithDebInfo\Wireshark.exe?

(16 Mar, 11:31) grahamb ♦

Yes, I have checked the timestamp, I am running the one I built with the probe.

(16 Mar, 11:53) Sanj123

The .obj was being created but the executable did not show the new protocol. I deleted the RelWithDebInfo directory and rebuilt. Now I can correctly see my protocol. Thanks for your help!!

(16 Mar, 13:25) Sanj123

If you open the generated file register.c, is your dissector's register function included? If not, delete the file to have it regenerated.

(16 Mar, 13:26) Anders ♦

Thanks both!!

(17 Mar, 07:37) Sanj123
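
A check for the stale register.c case described in the last comments, as an added example that is not part of the original thread and not Wireshark's own tooling: it lists the registration routines a dissector source defines and reports any that the generated register.c never mentions. The matching pattern, the sample source and the sample register.c layout are assumptions constructed for illustration.

```python
import re
import sys

# Approximation of how registration routines are found: by name, defined as
# name(void) with no trailing ';' (so prototypes are skipped). Assumption, not
# the pattern Wireshark's own generator uses.
DEF_RE = re.compile(
    r"^(?:void\s+)?(proto_reg(?:ister|_handoff)_\w+)\s*\(\s*void\s*\)[^;\n]*$",
    re.MULTILINE)
NAME_RE = re.compile(r"\bproto_reg(?:ister|_handoff)_\w+")
COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)

def registration_routines(dissector_source):
    """Names of the registration routines a dissector source file defines."""
    return sorted(set(DEF_RE.findall(COMMENT_RE.sub("", dissector_source))))

def missing_from_register_c(dissector_source, register_c):
    """Routines the dissector defines that register.c never mentions."""
    mentioned = set(NAME_RE.findall(register_c))
    return [n for n in registration_routines(dissector_source) if n not in mentioned]

# Constructed sample: routine names as in the question's excerpt.
SAMPLE_DISSECTOR = """\
/* Old name, kept for reference:
proto_register_old(void)
*/
void proto_reg_handoff_probe(void);
void
proto_register_pb(void)
{
  proto_probe = proto_register_protocol("Probe", "PROBE", "probe");
}
void
proto_reg_handoff_probe(void)
{
}
"""
# Constructed register.c contents; the real generated layout may differ.
STALE_REGISTER_C = "extern void proto_register_ip(void);\nextern void proto_reg_handoff_ip(void);\n"
FRESH_REGISTER_C = STALE_REGISTER_C + "extern void proto_register_pb(void);\nextern void proto_reg_handoff_probe(void);\n"

if __name__ == "__main__":
    # Usage: check.py packet-probe.c register.c (no arguments: constructed samples)
    texts = [open(p, errors="replace").read() for p in sys.argv[1:3]]
    src, reg = texts if len(texts) == 2 else (SAMPLE_DISSECTOR, STALE_REGISTER_C)
    missing = missing_from_register_c(src, reg)
    print("stale register.c, missing: " + ", ".join(missing) if missing else "register.c is up to date")
    sys.exit(1 if missing else 0)
```

A non-empty result means the build is linking a register.c generated before the dissector was added, which is the situation that deleting the file (or the build directory) resolved in this thread.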
question asked: 16 Mar, 09:22

question was seen: 236 times

last updated: 17 Mar, 07:37