Wireshark-dev: Re: [Wireshark-dev] Not seeing FOO Dissector in wireshark after successful build

From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Tue, 23 Apr 2019 00:58:50 +0100

Hi Abhisek,

On Sun, Apr 21, 2019 at 02:31:07AM -0400, Abhisek Techie wrote:
> I am trying to add FOO dissector as plugin to wireshark. I am following
> https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html link.
> But not seeing the dissector in wireshark after successful build in my
> Ubuntu 18.04.2 LTS OS.
> 
> Below are the steps I performed -
> 1. Created packet-foo.c - Dissector source. under /plugin/epan/foo
> 2. Created CMakeLists.txt under /plugin/epan/foo
> 3. Added CMakeListsCustom.txt set(CUSTOM_PLUGIN_SRC_DIR plugins/epan/foo)
> 4. Built the changes and could see *foo.so* getting generated in build
> folder
> cmake -G Ninja ../wireshark
> ninja
> 5. Ran wireshark with *sudo* command, as I was not able to capture any
> traffic using non-root user
> sudo WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 ./run/wireshark
> 6. Generated traffic on port 1234 using python code
> 7. But don't see the protocol name as *FOO* in the packet list pane, it
> still shows *UDP* as the protocol.
> 
> Any suggestions on what I am missing?

Just to be sure, have you checked whether the protocol is actually
loaded? That would be the first step before actually checking whether
the dissector is called. You can do this by inspecting the output of
'tshark -G protocols' or View -> Internals -> Supported Protocols.

If the protocol does not show there, check whether the plugin was
actually loaded with 'tshark -G plugins' or Help -> About -> Plugins.
Example output:

    $ tshark -G plugins
    ethercat.so             0.1.0   dissector       /tmp/wsbuild/run/plugins/3.1/epan/ethercat.so
    gryphon.so              0.0.4   dissector       /tmp/wsbuild/run/plugins/3.1/epan/gryphon.so
    irda.so                 0.0.6   dissector       /tmp/wsbuild/run/plugins/3.1/epan/irda.so
    mate.so                 1.0.1   dissector       /tmp/wsbuild/run/plugins/3.1/epan/mate.so
    ...

To avoid sudo, fix the capabilities on dumpcap, see
https://wiki.wireshark.org/Development/Tips#Running_dumpcap_on_Linux_as_unprivileged_user
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
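
The two checks from the reply above, scripted as an added example (not part of the original message or of Wireshark): it reports whether the protocol is registered, or else whether the plugin file was loaded at all. The function names are hypothetical, the filter name `foo` and file name `foo.so` are assumed from the thread, and the sample protocol lines are constructed (field 3 of `tshark -G protocols` is taken to be the filter name).

```shell
#!/bin/sh
# Triage for "my plugin dissector does not show up", following the order in
# the reply: first the protocol list, then the plugin list.

# Reads `tshark -G protocols` text on stdin (tab-delimited; field 3 is the
# protocol filter name). Succeeds if filter name $1 is registered.
has_protocol() {
    awk -F '\t' -v want="$1" '$3 == want { found = 1 } END { exit !found }'
}

# Reads `tshark -G plugins` text on stdin (first column is the plugin file
# name, as in the example output in the reply). Succeeds if $1 is listed.
has_plugin() {
    awk -v want="$1" '$1 == want { found = 1 } END { exit !found }'
}

# triage FILTER_NAME PLUGIN_FILE PROTOCOLS_TEXT PLUGINS_TEXT
# Prints one of: registered, plugin-loaded-not-registered, plugin-not-loaded
triage() {
    if printf '%s\n' "$3" | has_protocol "$1"; then
        echo "registered"                    # next: is the dissector called?
    elif printf '%s\n' "$4" | has_plugin "$2"; then
        echo "plugin-loaded-not-registered"  # look at the registration code
    else
        echo "plugin-not-loaded"             # look at the plugin directory
    fi
}

# Constructed sample input so the script runs without a Wireshark build.
# The plugin lines reuse the example output from the reply; the protocol
# lines are made up for illustration.
SAMPLE_PROTOCOLS=$(printf 'Ethernet\tEthernet\teth\nUser Datagram Protocol\tUDP\tudp')
SAMPLE_PLUGINS=$(printf 'ethercat.so\t0.1.0\tdissector\t/tmp/wsbuild/run/plugins/3.1/epan/ethercat.so\ngryphon.so\t0.0.4\tdissector\t/tmp/wsbuild/run/plugins/3.1/epan/gryphon.so')

echo "foo: $(triage foo foo.so "$SAMPLE_PROTOCOLS" "$SAMPLE_PLUGINS")"

# Against a real build (assumes tshark is on PATH or run from the build dir):
#   triage foo foo.so "$(tshark -G protocols)" "$(tshark -G plugins)"
```

Neither `-G` report captures traffic, so this check can be run as an unprivileged user.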