Simon Dreyer wrote:
http://www.codeproject.com/KB/IP/custom_dissector.aspx
Note: In "Configure Wireshark Build Environment (Win32)" in the above
certain things are a bit out-of-date. EG: the specific compiler
referenced ("Visual C++ 2005 Express Edition") is not the latest (and is
not the one currently used by Wireshark: VC++ 2008 EE (aka VC9)).
If you haven't already done so, make sure you're using the compiler &
etc versions as given in the Developer's Guide.
Also: It's not necessary to download and install a Platform SDK
with VC9.
I believe that following the Developer's Guide instructions exactly as
to setting up a Windows Wireshark build environment should work w/o
problems.
There are obviously two approaches to this:
1) incorporate the protocol as an integral part of wireshark as I think you are
describing or
2) run it as a .dll plugin as I was trying to do (as per the tutorial).
I presume that this genisys protocol has not been implemented into the general
release of wireshark (it does not appear in the list of protocols). I only hope that
this is because it is a rather obscure protocol and not because it doesn't work.
It appears from a comment in the bug that a concern was expressed about
the way the dissector is coded.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3422#c5.
Getting back to the "Patch" thing, I have read all the stuff in the developer's
manual and hope I understand it; is this what I have to do?
1) Click on the "New patch for genisys dissector" link at
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3422
2) Copy the code and paste it into a text file
3) save it as "add_genisys_dissector.diff" (or something similar)
4) copy the file into the c:\wireshark directory
5) open a command window and go to the c:\wireshark directory
6) type "patch -p0 <add_genisys_dissector.diff"
7) re-compile wireshark
Yes: The above is correct.
Two comments:
1. As noted, the patch is a year old. Looking quickly at the code in
the patch I see that there are two edits you'll need to make to
epan\dissectors\packet-genisys.c (after the patch is applied) and
before recompiling.
{ "Payload", "genisys.payload", FT_BYTES, BASE_HEX, NULL,
==>
{ "Payload", "genisys.payload", FT_BYTES, BASE_NONE, NULL,
{ "Junk", "genisys.junk", FT_BYTES, BASE_HEX, NULL,
==>
{ "Junk", "genisys.junk", FT_BYTES, BASE_NONE, NULL,
2. When re-compiling do 'nmake -f Makefile.nmake all'
The patch changes epan\crc16.h which is used in a number
of source files so a complete re-compile should be done.
(Normally a complete rebuild is not needed if only one or more .c
files are changed).