Wireshark-dev: Re: [Wireshark-dev] How to develop a pluginin wireshark
From: "Josh Moore" <jmoore@xxxxxxxxxxxx>
Date: Wed, 2 Apr 2008 07:57:58 -0500
Hi Auvray Julien:

Over the past month I made several plugins for use at my job. I found the following things helpful:

1. Set up your build environment using http://www.wireshark.org/docs/wsdg_html/#ChSetupMSVC .
2. Use doc/README.developer as a reference. It has some skeleton code for a dissector. I like the col_append_fstr() function for using the Info column, and the proto_tree_add_int_format(), proto_tree_add_int_format_value(), proto_tree_add_text(), and other similar functions. They give lots of printf()-like control over how your dissector displays the data from the packet.
3. Make a simple dissector that reads at least one field using http://www.wireshark.org/docs/wsdg_html/#ChDissectAdd . It points you to the "agentx" plugin as a place to start for some supporting files (like makefiles) for the dissector.
4. Expand it by trying different things; what's the worst that could happen? What you try doesn't work and WS crashes or gives you an error. So, you go back a step and undo the change you made that made it not work.
5. Add debug outputs to a file where you don't understand where you are going wrong. I did this to epan/proto.c to figure out when I was using hf_... variables that I had left as having value -1 because I forgot to include them in the table I registered with proto_register_field_array().
6. Add subtrees where appropriate in the dissector.

Hope this helps,
Josh Moore

-----Original Message-----
Date: Wed, 2 Apr 2008 13:59:32 +0200
From: "Auvray Julien" <juauvray@xxxxxxxxxxx>
Subject: [Wireshark-dev] How to develop a pluginin wireshark
To: <wireshark-dev@xxxxxxxxxxxxx>
Message-ID: <BLU114-DS3B2B5ABC0F0B640E1DEB7D8F40@xxxxxxx>
Content-Type: text/plain; charset="utf-8"

Hello everybody,

I'm a beginner in WireShark and I have a job that consists of developing a plug-in that will capture SMTP traffic. This plug-in has to do the following:
- Capture only the SMTP traffic
- Save each e-mail sent in a file in a specific folder.

That's why I ask for any help. What documentation do I have to read? Are there some examples of plug-ins that do that kind of job? Other advice?

Thanks a lot,
Best Regards
Julien
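The part of Julien's plug-in that neither message spells out is the packet-payload logic: finding the message body after the DATA command, stopping at the <CRLF>.<CRLF> terminator, undoing dot-stuffing, and only then writing a file. The following is an added example, not code from this thread or from the Wireshark project. It is plain C with no Wireshark headers so it compiles on its own; in a real plugin the extractor would be called with the reassembled bytes the dissector pulls from its tvbuff, and the field registration, proto_tree_add_* calls and makefiles come from doc/README.developer as Josh describes. The session text is constructed, not captured, and the smtp_msg_<frame>.eml file name is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of the client side of one SMTP session, as a
 * dissector would see it after TCP reassembly. Not captured traffic. */
static const char SAMPLE_SESSION[] =
    "EHLO client.example\r\n"
    "MAIL FROM:<alice@example>\r\n"
    "RCPT TO:<bob@example>\r\n"
    "DATA\r\n"
    "Subject: hi\r\n"
    "\r\n"
    "line one\r\n"
    "..leading dot\r\n"     /* dot-stuffed: the real line is ".leading dot" */
    ".\r\n"                 /* end-of-message terminator */
    "QUIT\r\n";

/* SMTP commands are case-insensitive, so compare "DATA" ignoring case. */
static int line_is_data_cmd(const char *line, size_t linelen)
{
    static const char cmd[] = "DATA";
    size_t i;
    if (linelen != 4)
        return 0;
    for (i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != cmd[i])
            return 0;
    return 1;
}

/* Find the message body that follows the DATA command, stop at the
 * <CRLF>.<CRLF> terminator and undo dot-stuffing (RFC 5321 section 4.5.2).
 * Returns the number of bytes placed in out, or -1 if the stream holds no
 * complete message yet or out is too small. Every access is bounds-checked:
 * the bytes come off the wire, so a malformed session must not crash the
 * dissector (a dissector crash takes the whole analysis tool down). */
int smtp_extract_message(const char *buf, size_t len, char *out, size_t outlen)
{
    size_t pos = 0, written = 0;
    int in_data = 0;

    while (pos < len) {
        const char *line = buf + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t linelen;

        if (nl == NULL)
            break;                          /* partial line: need more data */
        linelen = (size_t)(nl - line);
        pos += linelen + 1;                 /* skip past the '\n' */
        if (linelen > 0 && line[linelen - 1] == '\r')
            linelen--;                      /* drop the '\r' */

        if (!in_data) {
            if (line_is_data_cmd(line, linelen))
                in_data = 1;
            continue;
        }
        if (linelen == 1 && line[0] == '.')
            return (int)written;            /* lone dot: message complete */
        if (linelen > 0 && line[0] == '.') {
            line++;                         /* dot-unstuffing */
            linelen--;
        }
        if (written + linelen + 2 > outlen)
            return -1;                      /* refuse rather than truncate */
        memcpy(out + written, line, linelen);
        written += linelen;
        out[written++] = '\r';
        out[written++] = '\n';
    }
    return -1;                              /* no terminator seen */
}

/* Run the extractor over the constructed sample session. */
int extract_sample(char *out, size_t outlen)
{
    return smtp_extract_message(SAMPLE_SESSION, strlen(SAMPLE_SESSION), out, outlen);
}

/* Stand-alone demo: write the extracted message to smtp_msg_<frame>.eml in the
 * current directory, the way the plugin from the question would write into its
 * output folder. In a real dissector this should happen only on the first pass
 * over the capture, since Wireshark re-runs dissectors whenever packets are
 * redisplayed and would otherwise write the same message repeatedly. */
int main(void)
{
    char body[4096];
    char path[64];
    unsigned frame = 1;                     /* placeholder for the frame number */
    int n = extract_sample(body, sizeof body);
    FILE *fp;

    if (n < 0) {
        fprintf(stderr, "no complete message in sample\n");
        return 1;
    }
    snprintf(path, sizeof path, "smtp_msg_%u.eml", frame);
    fp = fopen(path, "wb");
    if (fp == NULL) {
        perror("fopen");
        return 1;
    }
    fwrite(body, 1, (size_t)n, fp);
    fclose(fp);
    printf("wrote %d bytes to %s\n", n, path);
    return 0;
}
```

Returning -1 on a partial stream is what lets the dissector ask for more data instead of emitting a half message, and refusing to write past outlen is the habit that keeps a hostile or simply broken SMTP session from turning into a crash in the capture tool.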