Wireshark-dev: [Wireshark-dev] Writing a new packet dissector

From: Daniel Griscom <griscom@xxxxxxxxxxxx>
Date: Fri, 13 Oct 2006 22:12:46 -0400
I'm developing a product using Macromedia Flash Remoting, which encapsulates its own AMF data in HTTP packets (MIME type application/x-amf). Wireshark is great for intercepting the traffic, but once I'm looking at the HTTP transaction I can't see anything more than hex data.

I'm a decent C programmer, but have no experience developing for Wireshark, and probably could only contribute in a very well-circumscribed area of the product. Given all that, I'd like to write a packet dissector for Flash Remoting AMF data presented within HTTP packets. I think that means I need to build a new media type dissector.

So, I have some questions:

- Is this something the average programmer could do without thoroughly learning the Wireshark code base?

- Would I be writing a media type dissector plugin, living alongside such modules as the GIF, JPEG and line based text dissectors?

- Where in the code tree would I find a source file that does the same task, albeit for a different media type?


... feel free to tell me RTFM, hopefully accompanied by URLs for the M...


Thanks,
Dan

--
Daniel T. Griscom             griscom@xxxxxxxxxxxx
Suitable Systems              http://www.suitable.com/
1 Centre Street, Suite 204    (781) 665-0053
Wakefield, MA  01880-2400