Don’t use the protocol and then you wouldn’t have to
dissect it :-)
Windows or Linux?
When you build your dissector make sure you build with symbols (different
than a debug build) and get yourself some debugging tools. For Windows: http://www.microsoft.com/whdc/Devtools/Debugging/default.mspx
You want to get 32-bit for a 32-bit Wireshark or 64-bit for a 64-bit Wireshark. Don’t
get the IA64 unless you are on Itanium hardware.
Under Windows:
- You can use <debugging tools install>\adplus.vbs to
create -hang dumps (snapshots of memory) to see what's going on. Sounds like a
busy hang (CPU at 50%), so you will need to take 3 or more snapshots and see how
it moved from dump to dump.
- You can attach with the debugger to Wireshark (<debugging
tools install>\windbg -pn Wireshark.exe) and with your symbols and
source code you can step through the code and see what's going on.
Under Linux I have no idea. If you are under Linux let me know
and I'll see if I can get you some info.
Hope that helps
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of sean bzd
Sent: Tuesday, January 12, 2010 1:53 PM
To: Community support list for Wireshark
Subject: [Wireshark-users] Debugging Wireshark dissector plugins
I asked a similar question before but got no response. Can
someone please provide some direction?
I have a custom dissector and it works fine most of the time;
but sometimes, when I load the network capture containing packets (that the
dissector is supposed to understand), the Wireshark application just hangs. The
CPU consumption goes to 50% and stays there...it is as if it is in a tight
loop. I'm using version 1.2.2 but the same happens with different versions of
Wireshark; I know that the problem is in the dissector because if I remove the
dissector plugin, Wireshark is able to load the capture file. But I need some
direction on how to proceed forward. Can I put some printfs in the dissector or
elsewhere? Any other ideas?