Wireshark mailing list archives

Re: Not seeing FOO Dissector in wireshark after successful build


From: Peter Wu <peter () lekensteyn nl>
Date: Tue, 23 Apr 2019 00:58:50 +0100

Hi Abhisek,

On Sun, Apr 21, 2019 at 02:31:07AM -0400, Abhisek Techie wrote:
> I am trying to add FOO dissector as plugin to wireshark. I am following
> https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html link.
> But not seeing the dissector in wireshark after successful build in my
> Ubuntu 18.04.2 LTS OS.
>
> Below are the steps I performed -
> 1. Created packet-foo.c - Dissector source. under /plugin/epan/foo
> 2. Created CMakeLists.txt under /plugin/epan/foo
> 3. Added CMakeListsCustom.txt set(CUSTOM_PLUGIN_SRC_DIR plugins/epan/foo)
> 4. Built the changes and could see *foo.so* getting generated in build
> folder
> cmake -G Ninja ../wireshark
> ninja
> 5. Ran wireshark with *sudo* command, as I was not able to capture any
> traffic using non-root user
> sudo WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 ./run/wireshark
> 6. Generated traffic on port 1234 using python code
> 7. But don't see the protocol name as *FOO* in the packet list pane, it
> still shows *UDP* as the protocol.
>
> Any suggestions on what I am missing?

Just to be sure, have you checked whether the protocol is actually
loaded? That would be the first step before actually checking whether
the dissector is called. You can do this by inspecting the output of
'tshark -G protocols' or View -> Internals -> Supported Protocols.

If the protocol does not show there, check whether the plugin was
actually loaded with 'tshark -G plugins' or Help -> About -> Plugins.
Example output:

    $ tshark -G plugins
    ethercat.so             0.1.0   dissector       /tmp/wsbuild/run/plugins/3.1/epan/ethercat.so
    gryphon.so              0.0.4   dissector       /tmp/wsbuild/run/plugins/3.1/epan/gryphon.so
    irda.so                 0.0.6   dissector       /tmp/wsbuild/run/plugins/3.1/epan/irda.so
    mate.so                 1.0.1   dissector       /tmp/wsbuild/run/plugins/3.1/epan/mate.so
    ...

To avoid sudo, fix the capabilities on dumpcap, see
https://wiki.wireshark.org/Development/Tips#Running_dumpcap_on_Linux_as_unprivileged_user
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
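
The two checks from this reply, in the order it gives them, as an added shell example that is not part of the original message or of Wireshark: it reads saved `tshark -G protocols` and `tshark -G plugins` reports and says at which stage the dissector went missing. The function names, the sample reports and the `foo` filter name are assumptions, as is the tab-separated layout of the protocols report with the filter name in the third column.

```shell
#!/bin/sh
# Added example: triage for a dissector plugin that does not show up.
# Both checks read a saved tshark report on stdin, e.g.
#   ./run/tshark -G plugins | plugin_loaded foo.so

# Succeed if the `tshark -G plugins` report lists file $1 as a dissector.
# Columns as in the sample output above: file name, version, type, path.
plugin_loaded() {
    awk -v want="$1" '$1 == want && $3 == "dissector" { found = 1 }
                      END { exit !found }'
}

# Succeed if the `tshark -G protocols` report has filter name $1.
# Assumed layout: tab-separated, third column is the filter name.
protocol_registered() {
    awk -F '\t' -v want="$1" '$3 == want { found = 1 }
                              END { exit !found }'
}

# diagnose PLUGIN_FILE FILTER_NAME PLUGINS_REPORT PROTOCOLS_REPORT
# Protocol list first, then plugin list.
diagnose() {
    if printf '%s\n' "$4" | protocol_registered "$2"; then
        echo "registered"             # loaded; next, check it is actually called
    elif printf '%s\n' "$3" | plugin_loaded "$1"; then
        echo "loaded-not-registered"  # .so loaded, but no such protocol exists
    else
        echo "not-loaded"             # the .so was never picked up
    fi
}

# Constructed sample reports (not output from a real build).
SAMPLE_PLUGINS=$(printf '%s\t%s\t%s\t%s\n' \
    ethercat.so 0.1.0 dissector /tmp/wsbuild/run/plugins/3.1/epan/ethercat.so \
    foo.so 0.0.1 dissector /tmp/wsbuild/run/plugins/3.1/epan/foo.so)
SAMPLE_PROTOCOLS=$(printf '%s\t%s\t%s\n' \
    'User Datagram Protocol' UDP udp \
    'FOO Protocol' FOO foo)

diagnose foo.so foo "$SAMPLE_PLUGINS" "$SAMPLE_PROTOCOLS"
```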