Wireshark-dev: Re: [Wireshark-dev] Compiling Plugin error

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Mon, 26 Nov 2012 17:49:07 -0500
Matteo Di Cosmo wrote:
Hi Jeff, martin,

many thanks for your very precious help.

I just solved the problem..yes..of course, getting a new one:)

Repeating one more time the procedure explained in the README.plugin, I figured out that in the previous plugin/ipmb/makefile.common (the one included with the plugin .tar file) there is a backslash that should not have been there (the one next to the .c file):

# the dissector sources (without any helpers)
DISSECTOR_SRC = \
	packet-ipmb.c \
--------------------------------------------
After deleting it everything worked.

Now the problem is that when I open Wireshark and go to About/Plugin I cannot see any list. I expected the list with the new plugin.

So you're saying there are no plugins at all listed? Are you running Wireshark from the build directory or did you install it first?

Note that Wireshark won't load the plugins if you're running from the build directory as the root user.

Coming back to the topic "why should you use this plugin", I will go into more detail regarding my goal.

As I said, I have physical access to the i2c bus. In order to interface my computer with the bus I use a Beagle i2c Protocol Analyzer (http://www.totalphase.com/products/beagle_ism/) capturing raw data. What I want to do is to make Wireshark able to recognize in real time the IPMI packets going through the bus (so I want to decode raw data into readable IPMI packets).

On the same link where I downloaded the packet an additional tool is available which is called i2c_Analyzer.
From the furnished documentation, this is the tool used to capture data from the Beagle.
In order to read the decoded data in Wireshark, the generated HEX file must be elaborated by text2pcap, which will generate the .pcap capture file. This doesn't satisfy my needs since it is not real time, but it would already be a good tool.

Note that the plugin in bug 1970 is a decoder plugin. It does not allow Wireshark to capture i2c directly. To make Wireshark capture i2c directly would require (possibly significant) work in libpcap (not Wireshark).

As previously mentioned, Wireshark should already understand enough of IPMI to decode it without the plugin from bug 1970. In other words, the plugin from bug 1970 should not be necessary at this point (that's why the bug is closed as WONTFIX).

Finally, the reason why I thought this plugin was necessary was because there was a Beagle Analyzer in the middle.
If not, the i2c_Analyzer would not have made sense...

In your opinion, would it be possible to start capturing data with the Beagle, open a Wireshark capture session on the Beagle USB port and magically read IPMI?

I don't know much about capturing USB data but I would think this would not work. Wireshark would not know that the USB blobs (for lack of a better word) coming over from the Beagle device were IPMI.

Regards,
-Jeff

________________________________________
From: wireshark-dev-bounces@xxxxxxxxxxxxx [wireshark-dev-bounces@xxxxxxxxxxxxx] on behalf of Martin Kaiser [lists@xxxxxxxxx]
Sent: 19 November 2012 16:30
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] Compiling Plugin error

Hi Matteo, Jeff,

Thus wrote Jeff Morriss (jeff.morriss.ws@xxxxxxxxx):

Matteo Di Cosmo wrote:

Dear all,

I'm new to Wireshark and I'm trying to sniff IPMI packets through an
i2c bus.

To do this I need to compile a plugin which has been previously
developed in the context of (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1970 ) .

Actually, my first question is why do I need to add this plugin if
Wireshark already comes with an ipmb dissector?

Well, I wouldn't think that you need to.  The "new" (compared to that
in bug 1970) IPMI dissector stuff is built-in (see
epan/dissectors/packet-*ipmi*).

Why do you think you need to add the plugin?

Matteo: If your data isn't decoded correctly, did you set

Edit / Preferences / Protocols / I2C / Bus/Data type

to IPMB? I guess it defaults to "None (raw i2c)".

Regards,

   Martin