Is it possible to create a dissector for Wireshark in C in Visual Studio 2019 IDE and add it to the wireshark source code?

  1. I want to read data from COM port directly into Wireshark.
  2. Is it possible to use Visual Studio 2019 for creating the dissector?
  3. Also, how to add .exe as a plugin?
stbimudd
asked 2019-05-02 14:40:10 +0000
grahamb
updated 2019-05-02 15:28:49 +0000

1 Answer

As this is a Q&A site, this should really be 3 separate questions, but I'll answer them all here for brevity.

  1. You'll need to use an external utility for that. See extcap.
  2. Yes, although the current 3.0.x releases are built with VS 2017.
  3. Plugins are DLLs.
grahamb
answered 2019-05-02 15:31:12 +0000
Jaap
updated 2019-05-02 17:07:48 +0000

Comments

Usbcap is added as .exe in extcap. I have a custom .exe file to capture serial data. Can I know the procedure to add .exe in extcap like usbcap?

stbimudd (2019-05-04 13:32:57 +0000)

Extcap utilities only provide an extended capture mechanism for Wireshark. They do not dissect the data; that is the work of a built-in or plugin or even a Lua dissector. Usbcap is not an extcap interface, it's not integrated with Wireshark. USB traffic (on Windows) is captured by USBPcapCMD either to a file that is subsequently opened by Wireshark or by piping its output to Wireshark.

Extcap interfaces are discussed at the link in the answer.

grahamb (2019-05-05 16:41:29 +0000)

I have my own extcapture which captures the serial port data that should be subsequently opened by Wireshark in a similar way to USBPcapCMD. How do I proceed with this?

stbimudd (2019-05-06 10:18:16 +0000)

In that case you should arrange your capture utility to output pcapng format data, either to a file or to standard output, either of which can be subsequently read by Wireshark.

grahamb (2019-05-06 11:59:30 +0000)
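
The approach in the last comment, as an added example that is not part of the original thread or Wireshark's own code: C routines that emit a pcapng Section Header Block, an Interface Description Block and one Enhanced Packet Block per chunk of serial data. The link type LINKTYPE_USER0 (147, private use), the sample bytes and the output file name `serial.pcapng` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define LINKTYPE_USER0 147u /* assumption: private-use link type for raw serial bytes */

/* Fields are written in host byte order; readers detect it from the SHB magic. */
static size_t put16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); return 2; }
static size_t put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); return 4; }

/* Section Header Block (28 bytes) followed by one Interface Description Block (20). */
size_t pcapng_header(uint8_t *out, uint16_t linktype, uint32_t snaplen)
{
    size_t n = 0;
    n += put32(out + n, 0x0A0D0D0Au);                       /* SHB block type */
    n += put32(out + n, 28);                                /* block total length */
    n += put32(out + n, 0x1A2B3C4Du);                       /* byte-order magic */
    n += put16(out + n, 1); n += put16(out + n, 0);         /* version 1.0 */
    n += put32(out + n, 0xFFFFFFFFu); n += put32(out + n, 0xFFFFFFFFu); /* section length -1: unknown */
    n += put32(out + n, 28);                                /* trailing total length */
    n += put32(out + n, 1); n += put32(out + n, 20);        /* IDB type, total length */
    n += put16(out + n, linktype); n += put16(out + n, 0);  /* link type, reserved */
    n += put32(out + n, snaplen);
    n += put32(out + n, 20);                                /* trailing total length */
    return n;
}

/* Enhanced Packet Block for one chunk of serial data; ts_us is microseconds
   since the epoch (the default pcapng timestamp resolution). */
size_t pcapng_packet(uint8_t *out, uint64_t ts_us, const uint8_t *data, uint32_t len)
{
    uint32_t pad = (4 - len % 4) % 4, total = 32 + len + pad;
    size_t n = 0;
    n += put32(out + n, 6); n += put32(out + n, total);     /* EPB type, total length */
    n += put32(out + n, 0);                                 /* interface 0 */
    n += put32(out + n, (uint32_t)(ts_us >> 32)); n += put32(out + n, (uint32_t)ts_us);
    n += put32(out + n, len); n += put32(out + n, len);     /* captured, original length */
    memcpy(out + n, data, len); n += len;
    memset(out + n, 0, pad);    n += pad;                   /* pad data to a 32-bit boundary */
    n += put32(out + n, total);                             /* trailing total length */
    return n;
}

int main(void)
{
    static const uint8_t sample[] = "AT+GMR\r\n";           /* constructed sample serial bytes */
    uint8_t buf[128];
    size_t n = pcapng_header(buf, LINKTYPE_USER0, 65535);
    n += pcapng_packet(buf + n, 1556800000000000ULL, sample, sizeof sample - 1);
    FILE *f = fopen("serial.pcapng", "wb");                 /* "wb": no newline translation on Windows */
    return (f && fwrite(buf, 1, n, f) == n && fclose(f) == 0) ? 0 : 1;
}
```

When writing to standard output instead of a file on Windows, switch stdout to binary mode first (`_setmode(_fileno(stdout), _O_BINARY)`), otherwise newline translation corrupts the blocks. Link type 147 can then be mapped to a dissector through Wireshark's DLT_USER preferences.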