Hi Abhisek,
On Sun, Apr 21, 2019 at 02:31:07AM -0400, Abhisek Techie wrote:
> I am trying to add FOO dissector as plugin to wireshark. I am following
> https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html link.
> But not seeing the dissector in wireshark after successful build in my
> Ubuntu 18.04.2 LTS OS.
>
> Below are the steps I performed -
> 1. Created packet-foo.c - Dissector source. under /plugin/epan/foo
> 2. Created CMakeLists.txt under /plugin/epan/foo
> 3. Added CMakeListsCustom.txt set(CUSTOM_PLUGIN_SRC_DIR plugins/epan/foo)
> 4. Built the changes and could see *foo.so* getting generated in build
> folder
> cmake -G Ninja ../wireshark
> ninja
> 5. Ran wireshark with *sudo* command, as I was not able to capture any
> traffic using non-root user
> sudo WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 ./run/wireshark
> 6. Generated traffic on port 1234 using python code
> 7. But don't see the protocol name as *FOO* in the packet list pane, it
> still shows *UDP* as the protocol.
>
> Any suggestions on what I am missing?

Just to be sure, have you checked whether the protocol is actually
loaded? That would be the first step before actually checking whether
the dissector is called. You can do this by inspecting the output of
'tshark -G protocols' or View -> Internals -> Supported Protocols.

If the protocol does not show there, check whether the plugin was
actually loaded with 'tshark -G plugins' or Help -> About -> Plugins.
Example output:

$ tshark -G plugins
ethercat.so 0.1.0 dissector /tmp/wsbuild/run/plugins/3.1/epan/ethercat.so
gryphon.so 0.0.4 dissector /tmp/wsbuild/run/plugins/3.1/epan/gryphon.so
irda.so 0.0.6 dissector /tmp/wsbuild/run/plugins/3.1/epan/irda.so
mate.so 1.0.1 dissector /tmp/wsbuild/run/plugins/3.1/epan/mate.so
...

To avoid sudo, fix the capabilities on dumpcap, see
https://wiki.wireshark.org/Development/Tips#Running_dumpcap_on_Linux_as_unprivileged_user

--
Kind regards,
Peter Wu
https://lekensteyn.nl
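
Added example (not part of the reply above and not Wireshark project code): the two checks from the reply, in the same order, scripted over captured 'tshark -G' output so the result says which step fails. The foo.so row, the FOO protocol row and the function names are constructed for illustration; the column layouts are assumed as noted in the comments.

```shell
#!/bin/sh
# Constructed sample output; foo.so and the FOO row are assumed values.
# Assumed layouts: plugins = name, version, type, path;
# protocols = protocol name, short name, filter name (last column).
SAMPLE_PLUGINS='ethercat.so 0.1.0 dissector /tmp/wsbuild/run/plugins/3.1/epan/ethercat.so
foo.so 0.0.1 dissector /tmp/wsbuild/run/plugins/3.1/epan/foo.so'
SAMPLE_PROTOCOLS=$(printf 'User Datagram Protocol\tUDP\tudp\nFOO Protocol\tFOO\tfoo\n')

# plugin_loaded NAME: stdin is `tshark -G plugins` output; matches column 1.
plugin_loaded() {
    awk -v n="$1" '$1 == n { found = 1 } END { exit !found }'
}

# protocol_registered FILTER: stdin is `tshark -G protocols` output.
# Filter names contain no whitespace, so the last field is always the filter.
protocol_registered() {
    awk -v f="$1" '$NF == f { found = 1 } END { exit !found }'
}

# diagnose PLUGIN FILTER PLUGINS_TEXT PROTOCOLS_TEXT
# Same order as the reply: protocol list first, plugin list only if that fails.
diagnose() {
    if printf '%s\n' "$4" | protocol_registered "$2"; then
        echo "protocol-registered"       # next: is the dissector being called?
    elif printf '%s\n' "$3" | plugin_loaded "$1"; then
        echo "plugin-loaded-no-protocol" # .so loaded, registration did not run
    else
        echo "plugin-not-loaded"         # the .so was not picked up at all
    fi
}

# Live use, with tshark from the same build as the plugin:
#   diagnose foo.so foo "$(tshark -G plugins)" "$(tshark -G protocols)"
diagnose foo.so foo "$SAMPLE_PLUGINS" "$SAMPLE_PROTOCOLS"
```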