I was developing a Wireshark plug-in over the last week, and I wanted to document all the steps it took to get it really really working…
First off, I have to give a large credit to Ken Thompson’s CodeProject howto, this was a fantastic write-up, and is the basis of my notes.
The goals for my plug-in are:
- Dissect a private protocol used in our product, i.e. the plug-in is intended for developer/support personnel only
- Must work against the current downloadable Wireshark build
My differences from Ken’s notes are:
- You must use Visual Studio 6.0 if you want your plug-in to work with the official build
- I found that Ken’s list of Cygwin requirements was not complete, and the
    nmake -f Makefile.nmake setup
  step was trying to download extra packages. To get out past the work firewall I had to add
    set HTTP_PROXY=server_name:port
  to my Cygwin.bat
- I also had some problems with non-existing group-policy paths in the PATH environment variable messing with setting up the VCVARS32.bat, so I added this line to reset the PATH
    set path=%SystemRoot%\system32
  in the Cygwin.bat before the VCVARS32.bat line
I based my dissector on the agentx plug-in.
plugins\agentx\*
Borrowed how flags are done from the IP and UDP dissectors
epan\dissectors\packet-ip.c
epan\dissectors\packet-udp.c
Borrowed how to make the dissector match many UDP ports, based on how HTTP uses prefs_register_range_preference.
epan\dissectors\packet-http.c
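The two borrowed pieces above, flag decoding in the style of the IP/UDP dissectors and a port-range preference in the style of HTTP, are easiest to see in a standalone C program, so one is added here as an example. It is not code from the author's plug-in or from Wireshark, and it deliberately avoids the epan API (prefs_register_range_preference, proto_tree_add_item and friends) so it compiles without Wireshark's headers; the header layout, the flag names and the "myproto.udp.ports" preference string are constructed for illustration. The part worth carrying into a real dissector is the length check: a dissector parses bytes it did not produce, so every offset has to be validated against the captured length before it is used.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Port-range preference, hypothetical "myproto.udp.ports" setting, using the
 * "1000-1005,2000" syntax a Wireshark range preference accepts. */
#define MAX_RANGES 16
typedef struct { uint16_t lo, hi; } port_range;
typedef struct { port_range r[MAX_RANGES]; int n; } port_set;

/* 0 on success, -1 on any malformed token; an invalid spec is rejected whole. */
int parse_port_ranges(const char *spec, port_set *out)
{
    const char *p = spec;
    out->n = 0;
    while (*p) {
        char *end;
        long lo = strtol(p, &end, 10), hi = lo;
        if (end == p || lo < 0 || lo > 65535) return -1;
        if (*end == '-') {
            const char *q = end + 1;
            hi = strtol(q, &end, 10);
            if (end == q || hi < lo || hi > 65535) return -1;
        }
        if (*end == ',') end++;
        else if (*end != '\0') return -1;
        if (out->n == MAX_RANGES) return -1;
        out->r[out->n].lo = (uint16_t)lo;
        out->r[out->n++].hi = (uint16_t)hi;
        p = end;
    }
    return 0;
}

/* 1 if port is covered by spec, 0 if not, -1 if spec is invalid. */
int port_spec_matches(const char *spec, uint16_t port)
{
    port_set s;
    if (parse_port_ranges(spec, &s) != 0) return -1;
    for (int i = 0; i < s.n; i++)
        if (port >= s.r[i].lo && port <= s.r[i].hi) return 1;
    return 0;
}

/* Flag decoding in the style of the bitmask subtrees in packet-ip.c/packet-udp.c.
 * Header layout is constructed for this example (not the author's protocol):
 * byte 0 version; byte 1 flags (0x80 MF, 0x40 ACK, 0x01 URG);
 * bytes 2-3 payload length, big-endian; bytes 4.. payload. */
#define HDR_LEN 4
typedef struct { const char *name; uint8_t mask; } flag_def;
static const flag_def flag_table[] = { {"MF", 0x80}, {"ACK", 0x40}, {"URG", 0x01} };
typedef struct { uint8_t version, flags; uint16_t payload_len; char flag_text[48]; } parsed_hdr;

/* Renders e.g. "0x81 (MF, URG)"; bits without a name are reported as
 * "unknown 0x.." rather than silently dropped, so odd packets stand out. */
static void format_flags(uint8_t flags, char *buf, size_t buflen)
{
    uint8_t known = 0; int first = 1;
    size_t used = (size_t)snprintf(buf, buflen, "0x%02x (", flags);
    for (size_t i = 0; i < sizeof flag_table / sizeof flag_table[0]; i++) {
        known |= flag_table[i].mask;
        if ((flags & flag_table[i].mask) && used < buflen) {
            used += (size_t)snprintf(buf + used, buflen - used, "%s%s", first ? "" : ", ", flag_table[i].name);
            first = 0;
        }
    }
    if ((flags & ~known) && used < buflen)
        used += (size_t)snprintf(buf + used, buflen - used, "%sunknown 0x%02x", first ? "" : ", ", (unsigned)(flags & ~known & 0xff));
    if (used < buflen) snprintf(buf + used, buflen - used, ")");
}

/* Every byte must lie inside the captured buffer before the length field is
 * trusted (Wireshark's tvb enforces this by throwing), so a crafted length can
 * never push a read past the end. Returns bytes consumed, or -1. */
int dissect_private(const uint8_t *buf, size_t captured, parsed_hdr *out)
{
    if (captured < HDR_LEN) return -1;                            /* truncated header */
    out->version = buf[0];
    out->flags = buf[1];
    out->payload_len = (uint16_t)((buf[2] << 8) | buf[3]);
    if ((size_t)out->payload_len > captured - HDR_LEN) return -1; /* length field lies */
    format_flags(out->flags, out->flag_text, sizeof out->flag_text);
    return HDR_LEN + out->payload_len;
}

/* Constructed sample packets; returns 1 when every case behaves as expected. */
int self_check(void)
{
    const uint8_t good[] = { 1, 0x81, 0x00, 0x03, 'a', 'b', 'c' }; /* MF|URG, 3-byte payload */
    const uint8_t lying[] = { 1, 0x00, 0xff, 0xff, 'a' };           /* claims 65535 bytes */
    const uint8_t odd[] = { 1, 0x02, 0x00, 0x00 };                  /* undefined flag bit */
    parsed_hdr h;
    return dissect_private(good, sizeof good, &h) == 7
        && strcmp(h.flag_text, "0x81 (MF, URG)") == 0
        && dissect_private(lying, sizeof lying, &h) == -1
        && dissect_private(odd, 2, &h) == -1
        && dissect_private(odd, sizeof odd, &h) == 4
        && strcmp(h.flag_text, "0x02 (unknown 0x02)") == 0;
}
```

In a real plug-in the port set would come from prefs_register_range_preference and be handed to the UDP dissector table in the handoff routine, and the length check is done for you by the tvb accessors; the point of doing it by hand here is to show why a dissector that computes its own offsets must reject a length field that exceeds the captured bytes rather than read through it.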
It’s been a fantastic learning experience, lots of banging my head against C code rules, but the output has been very useful.