0

How can I make my custom packet dissector distributable?

I built a custom packet dissector and I wanted to export it to others such that they don't have to rebuild their Wireshark from source. I looked up README.plugins and README.developers for it but couldn't figure out a way to do this.

Typically, the target people for this dissector are people working on Linux environments (I have also developed the dissector on Ubuntu), and most of them have installed Wireshark through sudo apt, therefore I want my plugin to be distributed as a simple binary or something which they can copy to their installations or maybe install on top of their current Wireshark installation.

edit: I wrote the dissector in C.

updated 2018-04-03 18:08:56 +0000

3 Answers

1

You can contribute your dissector to the main Wireshark codebase and have it distributed on all supported platforms by the Wireshark project for free.

As a bonus, the dissector will be maintained by the Wireshark developers and you'll get your name added to the "Authors" list.

See the wiki page on Submitting Patches for guidance on how to contribute.

grahamb
answered 2018-04-10 06:53:27 +0000
0

Have you ever looked in the About Wireshark dialog? There's a Folders tab which shows the folders the program uses. Of particular interest may be Personal Plugins. What happens if you drop your dissector.so file in there?

Jaap
answered 2018-04-03 21:48:35 +0000

Comments

Hi @Jaap, your solution worked. Thanks a lot! Also, can you elaborate if there is a method to compile the packet dissector (given suitable required files) as a standalone instead of running "make -C plugins" from the Wireshark source? I also want to try the option of sending the source code of my dissector which the user can simply make on his machine.

djin31 (2018-04-06 18:38:34 +0000)
0

If you write your dissector as a Lua script then users can invoke it on the command-line (Linux, Windows, etc) using the -X argument. I use this myself for a few internal Lua scripts. It would then look something like:

wireshark -X lua_script:"pathToYourLuaScript"
dbAtAffirmed
answered 2018-04-03 18:34:54 +0000

Comments

I wrote the dissector in C currently. Is there any way to distribute the C dissector?

djin31 (2018-04-03 18:40:37 +0000)

Hello, I understand it may be a normal built-in dissector, not a plugin dissector. As most users of Wireshark are using Windows OS, has it been tested for a Windows OS version of Wireshark? Has a DLL been created already? I am interested in knowing about it. Thanks.

xinxolHH (2018-04-03 19:03:20 +0000)