Dissector doesn't do anything

I've followed the instructions in this video from SharkFest Wireshark Developer and User Conference: https://www.youtube.com/watch?v=biNdE... about making a dissector for TCP traffic. However, once I've built the dissector (in C), put the .c file into /usr/local/include/wireshark/epan/dissectors and run Wireshark, all TCP traffic on the specified FOO_PORT still shows as TCP, not FOO, and it isn't dissected. Has anybody else followed this video (the last 15 minutes is the C part) and come across this?

7
JCAMP
asked 2018-12-20 16:45:42 +0000

Comments

I realize that this is an old thread, but I'm having a similar problem; the only difference is my "FOO_PORT still shows as" UDP.

Disclaimer: I'm relatively new to Wireshark and my C/C++ is rusty.

I've compiled the demo dissector plugin proto_foo, verbatim from the documentation.

In debug mode I hit break points in proto_register_foo and proto_reg_handoff_foo.

When I send messages to FOO_PORT I don't break in dissect_foo. I do break in dissect_udp.

Any suggestions as to where I might have gone wrong, or a step that I'm missing?

Thx

RickC (2020-08-06 21:53:03 +0000)

1 Answer


As I did that presentation I can say, yes I did!

Looking back at the slide deck, slide 18 (C dissector installation) has some incorrect instructions.

You will need to add the dissector to CMakeLists.txt (as is done for every other built-in dissector) in the epan/dissectors directory under the set(DISSECTOR_SRC ... block. Re-run CMake and then rebuild. Ignore the mention of Makefile.common.

23.8k
grahamb
answered 2018-12-20 16:59:32 +0000
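To make the CMakeLists.txt change concrete, here is an added illustration of the edit the answer describes. It is not text from the answer above or from the Wireshark project; the neighbouring entries are real built-in dissectors, but their exact positions, the `${CMAKE_CURRENT_SOURCE_DIR}/packet-*.c` entry form (the 2.6-era layout) and the file name `packet-foo.c` are assumptions.

```cmake
# epan/dissectors/CMakeLists.txt (excerpt; added illustration, not the
# project's own file). Every built-in dissector is listed in DISSECTOR_SRC;
# a .c file that is merely copied into the directory is never compiled or
# linked, so its proto_register/proto_reg_handoff functions never run.
set(DISSECTOR_SRC
	${CMAKE_CURRENT_SOURCE_DIR}/packet-ethertype.c
	${CMAKE_CURRENT_SOURCE_DIR}/packet-foo.c       # the new dissector (assumed file name)
	${CMAKE_CURRENT_SOURCE_DIR}/packet-frame.c
	# ... the remaining built-in dissectors, kept in alphabetical order
)
```

After saving the file, re-run CMake in the build directory and rebuild, as the answer says; a quick check that the edit took effect is that the build output now compiles `packet-foo.c`. Note that the list lives in the *source* tree: a directory such as /usr/local/include/wireshark/epan/dissectors that contains only .h files is the installed-headers location written by `make install`, not a source checkout, and nothing placed there is built.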

Comments

The perfect person to answer then! I don't seem to have the CMakeLists.txt file in the epan/dissectors directory. Can I write my own / download one from somewhere for Wireshark 2.6?

JCAMP (2018-12-20 17:17:44 +0000)

Something is up with your source tree, as you should have that file. How did you get your sources: a git checkout (preferred) or a tarball? The file from our git repo is here (tip of master-2.6).

grahamb (2018-12-20 17:44:34 +0000)

A tarball. All of the files in that directory are .h files; is that normal? Thank you very much for the link.

JCAMP (2018-12-20 20:26:07 +0000)

What tarball? Where did you get it from?

Jaap (2018-12-20 23:27:18 +0000)
