Wireshark-dev: Re: [Wireshark-dev] Developing a dissector for MODBUS-based protocol

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Mon, 23 Jun 2008 17:40:34 -0600

On Mon, Jun 23, 2008 at 06:12:59PM +1000, Barnes, Pat wrote:

> The current modbus dissector is not suitable - it does not show the 
> data anywhere but in the raw output. I need to provide, for example, 
> the name of the function in the packet summary, and the value of each 
> parameter by name in the detailed view.
> 
> My question is should I create the dissector as one that replaces 
> mbtcp (the modbus dissector), or as one that sits underneath mbtcp and 
> re-processes (and relabels) those modbus packets that it recognises?

Can you extend the current modbus dissector to interpret the data you 
need to see?

> Of course, I'm not really sure how to accomplish this second task, or 
> even really the first one. (I've read through 
> http://www.codeproject.com/KB/IP/custom_dissector.aspx and 
> http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html, and 
> have started 'tinkering' thus far)

Make sure to read doc/README.developer too.  Check out the latest source 
code from the SVN repository and set up your development environment.  
Are you going to be programming on Windows or Unix?  
http://www.wireshark.org/docs/wsdg_html_chunked/ChapterSetup.html should 
help you get going with the dev environment (if you don't already have 
one set up), but is mainly focused on Windows.


Steve