Wireshark mailing list archives

Re: Clarifications regarding building wireshark


From: Dario Lombardo <lomato () gmail com>
Date: Mon, 16 Mar 2020 09:21:11 +0100

On Mon, Mar 16, 2020 at 7:37 AM Ankish Shah <ankishshah998998 () gmail com>
wrote:

I've downloaded and built Wireshark on an Ubuntu machine and I was going
through the documentation on building new dissectors.
I have a couple of doubts.
1. When I write code for a new dissector, do I have to build the entire
Wireshark once again (it takes around 10-12 mins on my system), or is there
any option to compile only the new files and see the results?


The build system just compiles what changed on disk. You can skip the
linking phase, if you want to just compile your dissector, by issuing
make/ninja epan/dissectors/CMakeFiles/dissectors.dir/packet-dns.c.o (to
compile packet-dns.c, for instance). But this won't give you a fully
functional Wireshark; it just serves to see if your dissector compiles.


2. Once I code a new dissector, how do I test it using Wireshark? For
example, if you create a dissector to capture packets on port '12345' and
the packet includes a flag bit and an IPv4 address, how do you actually
create the packet, send it on port 12345 and see the results in Wireshark?


You have a bunch of options here, from writing a pcap file manually yourself,
to writing your payload manually and sending it through the network with
netcat, to using high-level software such as scapy. It really depends on your
knowledge of the protocol and on your confidence with raw hex writing.
Wireshark doesn't give support for writing sample captures. My suggestion
is: start from an existing capture (in pcap format, that is easier), modify
it with a hex editor such as ghex2 on Ubuntu, and open it from disk with
Wireshark, without involving the network. After all, you're working on a
dissector that works on both captured and saved traffic.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
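The "write a pcap file manually" option from the reply above, as an added example that is not part of the original thread and not code from the Wireshark project: a small Python script that builds one Ethernet/IPv4/UDP frame to port 12345, wraps it in a classic pcap file, and reads the file back to check it. The port comes from the question; the payload layout (one flag byte, bit 0 used, followed by a 4-byte IPv4 address), the MAC and IP addresses, the packet timestamps and the file name are all constructed assumptions for illustration. Only the standard library is used, so it runs offline without scapy or any network access.

```python
"""
Hand-build a pcap file so a new dissector can be tested by opening the file
in Wireshark or tshark, without putting anything on the wire.

Constructed sample: one Ethernet/IPv4/UDP frame to destination port 12345
carrying a 1-byte flag followed by a 4-byte IPv4 address. The payload layout,
addresses and timestamps are assumptions made for this example.
"""
import socket
import struct

UDP_PORT = 12345  # port of the hypothetical protocol from the question


def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_payload(flag: bool, addr: str) -> bytes:
    """Assumed application payload: 1 flag byte (bit 0) + 4-byte IPv4 address."""
    return struct.pack("!B", 1 if flag else 0) + socket.inet_aton(addr)


def build_frame(payload: bytes, src="10.0.0.1", dst="10.0.0.2",
                sport=40000, dport=UDP_PORT) -> bytes:
    """Ethernet II + IPv4 + UDP around the payload (constructed addresses)."""
    udp_len = 8 + len(payload)
    # UDP checksum 0 means "not computed", which IPv4 permits.
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45,            # version 4, IHL 5 (20 bytes)
                         0,               # DSCP/ECN
                         20 + udp_len,    # total length
                         0x1234,          # identification (constructed)
                         0x4000,          # flags: don't fragment
                         64,              # TTL
                         17,              # protocol: UDP
                         0,               # checksum placeholder
                         socket.inet_aton(src), socket.inet_aton(dst))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    eth = bytes.fromhex("020202020202" "010101010101" "0800")  # dst MAC, src MAC, IPv4
    return eth + ip_hdr + udp


def build_pcap(frames, linktype=1) -> bytes:
    """Classic pcap: 24-byte global header + 16-byte record header per frame.
    Magic 0xa1b2c3d4 with little-endian fields, version 2.4, LINKTYPE_ETHERNET=1."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        ts_sec, ts_usec = 1584345600 + i, 0  # constructed timestamps
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def parse_back(pcap: bytes):
    """Walk the file we wrote; return (dport, flag, addr) per UDP record and
    verify each IPv4 header checksum (a header re-summed with its own checksum
    field must fold to zero)."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off, results = 24, []
    while off < len(pcap):
        _, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        frame = pcap[off:off + caplen]
        off += caplen
        if frame[12:14] != b"\x08\x00":       # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4
        ip_hdr = frame[14:14 + ihl]
        if ip_checksum(ip_hdr) != 0:
            raise ValueError("bad IPv4 header checksum")
        if ip_hdr[9] != 17:                   # not UDP
            continue
        udp = frame[14 + ihl:]
        _, dport, ulen, _ = struct.unpack_from("!HHHH", udp, 0)
        payload = udp[8:ulen]
        results.append((dport, bool(payload[0] & 1), socket.inet_ntoa(payload[1:5])))
    return results


def write_sample(path="sample.pcap") -> bytes:
    """Write one flag=1 frame and one flag=0 frame; return the bytes written."""
    pcap = build_pcap([build_frame(build_payload(True, "192.0.2.10")),
                       build_frame(build_payload(False, "198.51.100.7"))])
    with open(path, "wb") as f:
        f.write(pcap)
    return pcap


if __name__ == "__main__":
    print(parse_back(write_sample()))
```

Open the resulting sample.pcap in Wireshark (File > Open) or run `tshark -r sample.pcap -V`. Because 12345 is not a port Wireshark already knows, you will either register it from the dissector (`dissector_add_uint("udp.port", 12345, handle)` in the handoff routine) or map it at run time with Decode As, which on the command line is `tshark -r sample.pcap -d udp.port==12345,<protocol-name>`. Once the frame is in a file, every change to the dissector is tested by reopening the same file, which is exactly the "no network involved" workflow the reply recommends.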