HSCTechnicalWiki
Development and Integration of a new plugin in Wireshark


HSC welcomes all external visitors to this site, especially students and members of the academic community. Please use the comments box at the bottom of each page to record any comments or suggestions for improvement. This is an informative page giving a step-by-step guide on how to add a new plugin to the existing Wireshark open source code.

A plugin is required to add a new packet decoder to the existing Wireshark framework, so that when you add a new protocol you can see the decoded packet in the Wireshark GUI, both in the packet capture window and in the packet summary window.

Although a lot of information is available on the Wireshark website for this activity, I found some gaps and thought it would be good to have a ready reckoner for it on the wiki.

Go to the link and download the code. In HSC's case, since the download is more than the 10 MB size limit, you will have to ask the IT helpdesk to do it for you :-)

FTP the tarred/zipped file to a Linux box, into a directory named, say, /home/usera. Unzip/untar the contents of this archive in the current working directory using the commands "bunzip2" and "tar xvf". The syntax of these commands as given here may not be exact, so please check "man" for all of them. Once this is done correctly you will see a directory created by the name /home/usera/wireshark-1.0.6, which will have the entire tree of the compilable Wireshark code.

Go to the directory wireshark-1.0.6 and execute the following commands:

/home/usera/wireshark-1.0.6> ./autogen.sh

/home/usera/wireshark-1.0.6> ./configure

This will create all the makefiles, and the environment will then be in a buildable form.

Now do a make in this directory:

/home/usera/wireshark-1.0.6> make

The code will start compiling; the first fresh build may take around 15-20 minutes to complete.

After the build is complete, do a "make install". This will let you run the Wireshark you have built rather than one which may already be installed on your system:

/home/usera/wireshark-1.0.6> make install

After this is complete, Wireshark can be executed from this working directory:

/home/usera/wireshark-1.0.6> ./wireshark

Please note that the wireshark command given above is not the wireshark executable which was built. It is the wireshark wrapper script, which picks up the executable from the relevant directory and executes it.

In case you are executing Wireshark from a remote machine, please ensure that the display is correctly set to your machine.

Now, to add a new plugin, you will have to go to the directory

/home/usera/wireshark-1.0.6/plugins>

Create a directory by the name of the plugin you want to add, say "newplugin".

Now a set of entries has to be made in the existing makefiles, so that the build environment in the Wireshark base directory /home/usera/wireshark-1.0.6/ is set up to pick up the files from the newplugin directory and build them.

First of all, at the root of the tree, i.e. in directory /home/usera/wireshark-1.0.6, change the file "configure". Search for the word "plugins" and make an entry similar to the one made for any sample plugin like m2m or wimax. The entry to be made should look like

plugins/newplugin/Makefile

Modify the Makefile.am in the base directory /home/usera/wireshark-1.0.6. Search for "dlopen" and add a new line for newplugin containing the following, matching the line that exists for the sample plugin:

-dlopen plugins/newplugin/libnewplugin.la

Please note that the name of the plugin library should be prefixed with lib, otherwise the environment will give you an issue at compile time.

Now move to the plugins directory:

/home/usera/wireshark-1.0.6/plugins>

In this directory modify the Makefile.am to add an entry for "newplugin". This entry causes the generated makefile to include the newplugin directory for building. The entry is made in the SUBDIRS macro in the Makefile.am.

Now move to the new directory created in the plugins directory. This is the directory in which you will keep your packet decoding code, so we move to /home/usera/wireshark-1.0.6/plugins/newplugin. A Makefile.am needs to be created here. The best way to do this is to copy the "Makefile.am" of an existing plugin; in my case I copied it from /home/usera/wireshark-1.0.6/plugins/wimax. The existing lines are modified as shown below. Make sure that the library name has the lib prefix:

plugin_LTLIBRARIES = libnewplugin.la

libnewplugin_la_SOURCES = \
        plugin.c \
        moduleinfo.h \
        $(DISSECTOR_SRC) \
        $(DISSECTOR_SUPPORT_SRC) \
        $(DISSECTOR_INCLUDES)

libnewplugin_la_LDFLAGS = -module -avoid-version

libnewplugin_la_LIBADD = @PLUGIN_LIBS@

Note the two files "plugin.c" and "moduleinfo.h" in the changes above; they can again be copied from the existing plugin and modified as per your needs. The same has to be done for Makefile.common. The "Makefile.common" should list the headers and sources you want to compile, basically the .c and .h files which hold the source code of the packet decoder.

So, a checklist of the files modified:

  /home/usera/wireshark-1.0.6/configure
  /home/usera/wireshark-1.0.6/Makefile.am
  /home/usera/wireshark-1.0.6/plugins/Makefile.am
  /home/usera/wireshark-1.0.6/plugins/newplugin ---> this is the new directory created
  /home/usera/wireshark-1.0.6/plugins/newplugin/Makefile.am ---> copied & modified from an existing plugin
  /home/usera/wireshark-1.0.6/plugins/newplugin/Makefile.common ---> copied & modified from an existing plugin
  /home/usera/wireshark-1.0.6/plugins/newplugin/plugin.c ---> copied & modified from an existing plugin
  /home/usera/wireshark-1.0.6/plugins/newplugin/moduleinfo.h ---> copied & modified from an existing plugin

Please ensure that every protocol dissector you register has its source code in the source files you create. Since these functions are named in plugin.c and moduleinfo.h, the compilation will fail if their source code is missing.

You can ignore files like Makefile.nmake and moduleinfo.nmake, as they are used for Windows compilation.

Last but not least, the step-by-step guide on how to write the packet dissector source code is given in the Wireshark Developer's Guide, chapter 9.2.

After doing all this, make sure you run ./autogen.sh and then ./configure from the base directory. After that, run a make.
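The script below is an added example, not part of the original page: it applies the four makefile entries described above for "newplugin" in a way that can be re-run safely, and then checks that every item of the checklist is present. It assumes the tree layout of the page, inserts each entry before the existing wimax entry, and edits configure.in rather than the generated configure, since ./autogen.sh regenerates configure from configure.in; the mock tree it builds is a constructed stand-in for a real checkout.

```shell
#!/bin/sh
# Added example, not from the original page: apply the four makefile entries the
# steps above describe for a plugin called "newplugin", re-runnably, then check
# them. Entries go in before the existing wimax entry so the lists' continuation
# backslashes stay valid; the autoconf source is taken to be configure.in.
set -eu
tab=$(printf '\t')

# insert_before FILE ANCHOR LINE: put LINE before the first line containing
# ANCHOR, unless LINE is already present (so a second run changes nothing)
insert_before() {
    grep -qF -- "$3" "$1" && return 0
    A="$2" L="$3" awk '!d && index($0, ENVIRON["A"]) { print ENVIRON["L"]; d = 1 }
                       { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# wire_plugin TREE NAME: configure.in, root Makefile.am, plugins/Makefile.am,
# plus the plugin's own Makefile.am copied from wimax; the library gets "lib"
wire_plugin() {
    tree=$1; name=$2; lib="lib$name"
    mkdir -p "$tree/plugins/$name"
    insert_before "$tree/configure.in" "plugins/wimax/Makefile" "  plugins/$name/Makefile"
    insert_before "$tree/Makefile.am" "plugins/wimax/" "${tab}-dlopen plugins/$name/$lib.la \\"
    insert_before "$tree/plugins/Makefile.am" "${tab}wimax" "${tab}${name}${tab}\\"
    [ -f "$tree/plugins/$name/Makefile.am" ] ||
        sed "s/wimax/$name/g" "$tree/plugins/wimax/Makefile.am" > "$tree/plugins/$name/Makefile.am"
}

# check_wiring TREE NAME: succeeds only if every entry of the checklist is present
check_wiring() {
    grep -q "plugins/$2/Makefile" "$1/configure.in" &&
    grep -q -- "-dlopen plugins/$2/lib$2.la" "$1/Makefile.am" &&
    grep -q "^${tab}$2" "$1/plugins/Makefile.am" &&
    grep -q "plugin_LTLIBRARIES = lib$2.la" "$1/plugins/$2/Makefile.am"
}

# make_mock_tree DIR: constructed stand-in for a wireshark-1.0.6 checkout holding
# only the wimax entries the edits key on (a real tree has many more lines)
make_mock_tree() {
    mkdir -p "$1/plugins/wimax"
    printf 'AC_OUTPUT(\n  Makefile\n  plugins/wimax/Makefile\n  plugins/wimaxasncp/Makefile\n)\n' > "$1/configure.in"
    printf 'plugin_ldadd = \\\n\t-dlopen plugins/wimax/libwimax.la \\\n\t-dlopen plugins/wimaxasncp/libwimaxasncp.la\n' > "$1/Makefile.am"
    printf 'SUBDIRS = \\\n\twimax\t\\\n\twimaxasncp\n' > "$1/plugins/Makefile.am"
    printf 'plugin_LTLIBRARIES = libwimax.la\nlibwimax_la_LDFLAGS = -module -avoid-version\n' > "$1/plugins/wimax/Makefile.am"
}

tree=$(mktemp -d)                 # throwaway constructed checkout
make_mock_tree "$tree"
wire_plugin "$tree" newplugin && wire_plugin "$tree" newplugin   # second run is a no-op
check_wiring "$tree" newplugin && echo "newplugin wired into $tree"
```

To apply it to a real checkout, skip make_mock_tree and call wire_plugin and check_wiring with /home/usera/wireshark-1.0.6 as the tree.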

HAPPY DISSECTING :-) :-)


Page last modified on May 27, 2009, at 06:03 AM