Could you tell me please, how exactly can I create a plugin/dissector/decoder for my own type of packets/protocol in Wireshark on Windows? What should I do? Or some kind of approach? Know-how with some examples of a decoder. Thanks for all suggestions.
How to create a plugin for my own Wireshark dissector?
2.9k views. Asked by Daniel.P. There are 2 answers.
There are three ways to write a custom dissector for Wireshark:
- C++
- Lua
- Wireshark Generic Dissector
Several years ago, I needed to write a dissector for a custom protocol my company uses. I compared the three options and learned a bit about them. C++ is the fastest in execution but the most difficult to learn and use. Lua and WSGD are about the same in execution speed. Lua dissector support is built in to Wireshark; however, I found that it is more difficult to learn because you need to learn a language (Lua) and then how to write dissectors in that language. WSGD is a language designed specifically for writing dissectors. It is more like a structure definition than a flow-control language. The WSGD website has documentation and examples. It is hard to find documentation and examples for Lua and how to write dissectors in it.
In 2015 Graham Bloice presented "Writing a Wireshark Dissector Using WSGD, Lua and C". It's a very thorough presentation on the topic, although it was too late to help me. You can get the slide deck and see the presentation at:
For the reasons I listed above, I chose WSGD. I have written several thousand lines to create dissectors for three custom protocols in WSGD. I highly recommend it. The WSGD website is http://wsgd.free.fr
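As an added example of the Lua route discussed in this answer (it is not code from the answer's author or from the Wireshark project), here is a minimal Lua dissector for a hypothetical "XPROTO" UDP protocol; the port 7777, the 8-byte header layout and the message type names are all constructed for illustration. The length check matters: a length field is attacker-controlled input, and reading past the buffer would otherwise throw a Lua error and abort dissection of the packet.

```lua
-- Added example: Lua dissector for a hypothetical "XPROTO" UDP protocol.
-- Constructed wire format: 1-byte version, 1-byte type, 2-byte big-endian
-- payload length, 4-byte sequence number, then payload (8-byte header).
-- Install: copy into the personal plugins folder (Help > About Wireshark >
-- Folders), then Analyze > Reload Lua Plugins.

local xproto = Proto("xproto", "XPROTO Example Protocol")

-- Constructed message type names shown next to the raw type value
local msg_types = { [0x01] = "HELLO", [0x02] = "DATA", [0x03] = "ACK" }

-- Field definitions; the abbreviations become display-filter names (xproto.seq ...)
local f_version = ProtoField.uint8("xproto.version", "Version", base.DEC)
local f_type    = ProtoField.uint8("xproto.type", "Message Type", base.HEX, msg_types)
local f_length  = ProtoField.uint16("xproto.length", "Payload Length", base.DEC)
local f_seq     = ProtoField.uint32("xproto.seq", "Sequence Number", base.DEC)
local f_payload = ProtoField.bytes("xproto.payload", "Payload")
xproto.fields = { f_version, f_type, f_length, f_seq, f_payload }

-- Expert info raised when the declared length disagrees with the captured bytes
local ef_badlen = ProtoExpert.new("xproto.badlen.expert",
    "Declared payload length exceeds packet", expert.group.MALFORMED, expert.severity.ERROR)
xproto.experts = { ef_badlen }

local HDR_LEN = 8

function xproto.dissector(tvb, pinfo, tree)
    -- Too short for a header: not ours (or truncated); reject instead of erroring
    if tvb:len() < HDR_LEN then return 0 end

    pinfo.cols.protocol = "XPROTO"
    local subtree = tree:add(xproto, tvb(), "XPROTO Example Protocol")
    subtree:add(f_version, tvb(0, 1))
    subtree:add(f_type,    tvb(1, 1))
    local len_item = subtree:add(f_length, tvb(2, 2))
    subtree:add(f_seq,     tvb(4, 4))

    -- Untrusted length field: clamp to what was captured and flag the mismatch
    local declared  = tvb(2, 2):uint()
    local available = tvb:len() - HDR_LEN
    if declared > available then
        len_item:add_proto_expert_info(ef_badlen)
        declared = available
    end
    if declared > 0 then subtree:add(f_payload, tvb(HDR_LEN, declared)) end

    local tname = msg_types[tvb(1, 1):uint()] or "UNKNOWN"
    pinfo.cols.info = string.format("%s seq=%d len=%d", tname, tvb(4, 4):uint(), declared)
    return tvb:len()
end

-- Bind the dissector to the constructed UDP port 7777
DissectorTable.get("udp.port"):add(7777, xproto)
```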
There is no way to answer this succinctly, as it depends on a lot of things, not the least of which is your OS and development environment. For starters, try reading the Wireshark Developer's Guide and the various READMEs, especially:
- README.developer - A must-read for getting started.
- README.dissector - Another must-read with skeleton code examples.
- README.plugins - You only need to read this if you want to write a plugin instead of a so-called built-in dissector.
Of course there are many other READMEs that provide information on a variety of topics. There are also many Wireshark dissectors and plugins that you can look at as examples.