Re: plugin

[Marc-André Moreau <marcandre.moreau () gmail com>]

I was in the same situation as you a couple of months ago (being an intern
in a big company and being assigned the task of writing a wireshark
dissector). In my case, I was given sample captures. First, are you on
Windows? Packet capture on localhost is a bit tricky on Windows, because
it's handled differently. Section 8.4 of the tutorial gives some tips about
it. Also, I just noticed that the demo client and server used in the article
is a dead link. You need a test client and server in order create packets
which you would be able to see in Wireshark. I don't know if it can be found
somewhere else or if someone has a sample packet capture. Another problem I
can see is if you're in a big company it's possible that your workstation
has limited rights and that you did not have sufficient privileges to
install winpcap, which is required to capture packets on Windows.

What I suggest in your case is that you first get a sample packet capture
for the protocol you need to dissect. Just keep using that sample packet
capture for your own testing. Use the sample code for the AMIN dissector and
start by making it dissect a single field that contains everything (length
-1). Once you get that working, start defining more fields, and you should
be good to go. I strongly suggest that you take a look at the "data"
dissector in epan/dissectors/packet-data.c, as it's one of the most simple
dissectors in Wireshark. Don't forget to take a look at
doc/README.developer, which also contains skeleton code for a basic
dissector.

On Wed, Mar 24, 2010 at 3:38 AM, Bongani Fana <bfana () csir co za> wrote:

> Hi,
> My nane is Bongani, I'm working as an Intern for this big company. I'm
> using wireshark to dissect netwok packets, since I don't have much
> experience I started to search for any example that might help me to write
> my first plugin/dissector. after I come across AMIN
> (http://www.codeproject.com/KB/IP/custom_dissector.aspx<http://www.codeproject.com/KB/IP/custom_dissector.aspx>) 
> Plugin
> I thought its some thing that I can use as guide, after I successfully
> installed and compile wireshark I started to write AMIN plugin following
> instructions on the link above. my problem is that when I run wireshark I
> don't see any amin packets being captured on GUI while at the bottom of
> wireshark window I could see that the is something taking place. so please
> can some one tell me what am I doing wrong.
> Thank,
>
> Bongani
>
> --
> This message is subject to the CSIR's copyright terms and conditions,
> e-mail legal notice, and implemented Open Document Format (ODF) standard.
> The full disclaimer details can be found at
> http://www.csir.co.za/disclaimer.html.
>
>
> This message has been scanned for viruses and dangerous content by *
> MailScanner* <http://www.mailscanner.info/>,
> and is believed to be clean. MailScanner thanks Transtec Computers<http://www.transtec.co.uk/>for their support.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe