Hi,
The "module" you are refering to is called a "dissector" in Wireshark
lingo. A dissector can come in two forms, either build into the
application itself (well, libwireshark that is) or as a plugin.
On a Win32 platform that would be libwireshark.dll and "protocolname".dll
respectively.
What this dissector will do it register itself as being interested in UDP
traffic (or if possible even more specific, like UDP on port number X) and
once it gets handed a payload, it tries:
1. to determine if its a payload of his protocol, and if so
2. display his interpretation of that payload
There is some explanation and sample code in the Wireshark source tree, to
start with. The doc/ directory has interesting stuff as well, as does the
Wireshark Developer Guide.
Thanx,
Jaap
On Tue, 19 Sep 2006, Bard Jason A NPRI wrote:
> Hello all,
>
> I have been trying to figure how, if possible, I can write a "module"
> that will further decode data in a UDP packet for troubleshooting in the
> Packet Details window. So rather than the rest of the packet after the
> User Datagram Protocol being lumped into "Data" which I have to look at
> in hex, I would have another subtree that would break down the info in
> the data portion into a more human readable format (the data is binary).
> I have something that does this now, but only in Etherpeek, they call
> them Analysis Modules. The module was given to me as a dll with no
> source and I would like to use this for a different project I am on. I
> would like to get away from Etherpeek to a more open source solution.
>
> I have seen that there is an experimental project called MATE for
> Wireshark, but I am not sure if this is what I am looking for. Can
> someone steer me in the right direction here? I think part of my
> problem is that I just can't seem to Google the right combination of
> words to describe this as I am sure that it must exist. Thanks in
> advance!
>
> Jason
>