February 3, 2011

Plugin development for Wireshark

There are two types of Wireshark plugins: dissectors and taps.

A dissector parses the packets of a specific protocol. It is called each time a packet has to be dissected, for example when its data is shown in the packet list or in the packet details window, so it may run more than once for the same packet. Wireshark's developer documentation covers dissector development.

A tap plugin collects statistics about a protocol. It is called once for each packet, after the packet has been dissected. Wireshark's developer documentation covers tap development as well.

The best guide is on the Wireshark website.

Both types of plugin can be written in C or in Lua. Lua plugin development, with examples, is documented on the Wireshark wiki.
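As an added example (not code from the original post), here are both plugin types in one Lua script: a dissector for a made-up protocol "foo" carried over UDP port 9999 (a 1-byte type, a 2-byte big-endian payload length, then the payload) and a tap that counts packets per type. The protocol, the port and all names are assumptions. The dissector shows the one check every dissector needs, clamping a length read from the wire to the bytes actually captured, and the tap shows why per-packet state is keyed by frame number: the dissector may run more than once for a packet while the tap runs once.

```lua
-- Added example, not from the original post: a dissector and a tap in a
-- single Lua plugin. "foo" over UDP port 9999 is an assumed protocol:
-- 1-byte type, 2-byte big-endian payload length, then the payload.
local foo = Proto.new("foo", "Foo Protocol (example)")

local f_type = ProtoField.uint8("foo.type", "Type", base.DEC)
local f_len  = ProtoField.uint16("foo.len", "Declared payload length", base.DEC)
local f_data = ProtoField.bytes("foo.data", "Payload")
foo.fields = { f_type, f_len, f_data }

local HDR_LEN = 3
-- Per-frame record filled by the dissector and read by the tap below.
-- Keyed by frame number because the dissector can run more than once per
-- packet (packet list, then packet details) while the tap runs once.
local type_by_frame = {}

-- Dissector: called every time a packet has to be dissected.
function foo.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "FOO"
    local captured = tvb:len()
    if captured < HDR_LEN then
        -- Not enough bytes for a header: refuse it instead of reading past the end.
        pinfo.cols.info = "FOO: truncated header"
        return 0
    end

    local subtree  = tree:add(foo, tvb(0), "Foo Protocol")
    local ptype    = tvb(0, 1):uint()
    local declared = tvb(1, 2):uint()
    subtree:add(f_type, tvb(0, 1))
    subtree:add(f_len, tvb(1, 2))

    -- Never trust a length field taken from the wire: clamp it to what was
    -- actually captured, and flag the packet when the two disagree.
    local avail = captured - HDR_LEN
    local n = math.min(declared, avail)
    if n > 0 then
        subtree:add(f_data, tvb(HDR_LEN, n))
    end
    if declared > avail then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
            string.format("declared length %d exceeds %d captured bytes", declared, avail))
    end

    pinfo.cols.info = string.format("FOO type=%d len=%d", ptype, declared)
    type_by_frame[pinfo.number] = ptype
    return HDR_LEN + n
end

DissectorTable.get("udp.port"):add(9999, foo)

-- Tap: called once per packet matching the filter, after dissection.
-- Counts Foo packets per type and prints the totals (at the end of the run
-- in tshark, to the console in the GUI).
local counts = {}
local tap = Listener.new("frame", "foo")

function tap.packet(pinfo, tvb, tapinfo)
    local ptype = type_by_frame[pinfo.number]
    if ptype ~= nil then
        counts[ptype] = (counts[ptype] or 0) + 1
    end
end

function tap.reset()
    counts = {}
end

function tap.draw()
    for ptype, c in pairs(counts) do
        print(string.format("foo.type %d: %d packet(s)", ptype, c))
    end
end
```

Drop the file into the personal plugins folder, or run it once with "tshark -X lua_script:foo.lua -r capture.pcap"; the tap prints its totals after the capture has been read.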

Building a Wireshark plugin on Windows requires a specific setup procedure; the best description is in the guide on the Wireshark website mentioned above.

I also found a fairly interesting article about Wireshark plugin development. It gives some additional information and includes a plugin example, although there are many good examples in the wireshark/plugins directory too.

I used the articles mentioned above for my own plugin development. However, I ran into some issues on the Windows platform that I would like to describe.

Tip 1. None of the sample plugins work with the official Wireshark

After a successful build, the plugin is not loaded by the official Wireshark, which reports a plugin loading problem (see the picture below). The same plugin does load in a Wireshark that you built yourself. The cause is that a DLL built with Visual Studio 2005 (the compiler used here) depends on the Visual C++ runtime as a side-by-side assembly, and without an embedded manifest the Windows loader cannot resolve that dependency.


To solve the issue it's necessary to:
  1. Open the file "config.nmake" in your Wireshark source folder, e.g. C:\wireshark\config.nmake
  2. Search for "DLL_LDFLAGS = /MANIFEST:no" and comment this line out (prefix it with "#")
  3. Compile your plugin again; the linker will now create a manifest file in your plugin folder named "pluginName.dll.manifest"
  4. This manifest has to be embedded in your DLL. You can either do this by typing the following command in the shell or add it somewhere in the file "makefile.nmake" (e.g. under "all:", so it is always run when "nmake ... all" is called):
    mt.exe -manifest pluginName.dll.manifest -outputresource:pluginName.dll;2
The ";2" is the resource ID Windows uses for a manifest embedded in a DLL (an executable uses ";1"). You can check the result by extracting the embedded manifest back out of the DLL with mt.exe's -inputresource option; if nothing is embedded, mt.exe fails.
Tip 2. How to debug.

Of course it is possible to use WinDbg from the Microsoft SDK, but the most convenient way is Microsoft Visual Studio: I just opened a source file and attached the debugger to the running Wireshark process. Don't forget to specify the path to the debug symbols (the .pdb file of your plugin) under Tools/Options/Debugging/Symbols. Two caveats: the .pdb only exists if the plugin was built with debug information, and a breakpoint in a dissector is hit only when the packet is dissected, so after attaching reload the capture (Ctrl+R) or open a new one.


Tip 3. Setting up environment variables

I used the following batch file:

@echo off
echo Adding things to the path...
rem Current directory (cmd.exe already searches it for executables, so this only matters for tools that look up PATH themselves)
set PATH=%PATH%;.
rem Cygwin supplies the Unix tools (bash, sed, perl, ...) that the nmake build invokes
set PATH=%PATH%;d:\cygwin\bin
rem Used by the library download step of the build if it has to go through a proxy
set HTTP_PROXY=http://proxy.yourcompany.ru:1080//

echo Setting up Visual Studio environment...
rem Puts the Visual C++ tools (cl.exe, link.exe, nmake.exe) on the PATH; "Visual Studio 8" is Visual Studio 2005
call "d:\Program Files\Microsoft Visual Studio 8\VC\bin\vcvars32.bat"
