Wireshark-dev: Re: [Wireshark-dev] Developing a dissector for MODBUS-based protocol

From: "Barnes, Pat" <Pat.Barnes@xxxxxxxxxxxxxxxxxx>
Date: Tue, 24 Jun 2008 10:06:11 +1000
Thanks for your advice - I hadn't seen the doc/ folder in the source
tree.

I've managed to get the dev environment up and running in windows
(VC2005) ... Although the 1.0.0 release wouldn't build due to a flex bug
(2493), r25469 is working fine thus far.

I don't think modifying the existing modbus dissector is the answer -
there will be *real* modbus traffic on the network as well.

It would be ideal if the modbus dissector could do its analysis first,
and our 'mbrpc' dissector would run afterwards if
(modbus_tcp.func_code==23&&modbus_tcp.write_addr>0x1000) is satisfied,
further interpreting the packet.

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen Fisher
Sent: Tuesday, 24 June 2008 9:41 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Developing a dissector for MODBUS-based
protocol

On Mon, Jun 23, 2008 at 06:12:59PM +1000, Barnes, Pat wrote:

> The current modbus dissector is not suitable - it does not show the 
> data anywhere but in the raw output. I need to provide for example, 
> the name of the function in the packet summary, and the value of each 
> parameter by name in the detailed view.
> 
> My question is should I create the dissector as one that replaces 
> mbtcp (the modbus dissector), or as one that sits underneath mbtcp and

> re-processes (and relabels) those modbus packets that it recognises?

Can you extend the current modbus dissector to interpret the data you
need to see?

> Of course, I'm not really sure how to accomplish this second task, or 
> even really the first one. (I've read through 
> http://www.codeproject.com/KB/IP/custom_dissector.aspx and 
> http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html, and

> have started 'tinkering' thus far)

Make sure to read doc/README.developer too.  Check out the latest source
code from the SVN repository and set up your development environment.  
Are you going to be programming on Windows or Unix?  
http://www.wireshark.org/docs/wsdg_html_chunked/ChapterSetup.html should
help you get going with the dev environment (if you don't already have
one set up), but is mainly focused on Windows.


Steve
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev



DISCLAIMER:---------------------------------------------------------------------------
This e-mail transmission and any documents, files and previous e-mail messages
attached to it are private and confidential. They may contain proprietary or copyright
material or information that is subject to legal professional privilege. They are for
the use of the intended recipient only.  Any unauthorised viewing, use, disclosure,
copying, alteration, storage or distribution of, or reliance on, this message is
strictly prohibited. No part may be reproduced, adapted or transmitted without the
written permission of the owner. If you have received this transmission in error, or
are not an authorised recipient, please immediately notify the sender by return email,
delete this message and all copies from your e-mail system, and destroy any printed
copies. Receipt by anyone other than the intended recipient should not be deemed a
waiver of any privilege or protection. Thales Australia does not warrant or represent
that this e-mail or any documents, files and previous e-mail messages attached are
error or virus free.
--------------------------------------------------------------------------------------