Part II. Wireshark Development

Wireshark Development

The second part describes how the Wireshark sources are structured and how to change the sources such as adding a new dissector.

Table of Contents

6. Introduction
6.1. Source overview
6.2. Coding Style
6.3. The GLib library
7. How Wireshark Works
7.1. Introduction
7.2. Overview
7.3. Capturing packets
7.4. Capture Files
7.5. Dissect packets
8. Packet Capture
8.1. Adding A New Capture Type To Libpcap
8.2. Adding Capture Interfaces And Log Sources Using Extcap
8.2.1. Extcap Command Line Interface
8.2.2. Extcap Arguments
8.2.3. Toolbar Controls
9. Packet Dissection
9.1. How packet dissection works
9.2. Adding a basic dissector
9.2.1. Setting up the dissector
9.2.2. Dissecting the protocol’s details
9.2.3. Improving the dissection information
9.3. How to add an expert item
9.4. How to handle transformed data
9.5. How to reassemble split packets
9.5.1. How to reassemble split UDP packets
9.5.2. How to reassemble split TCP Packets
9.6. How to tap protocols
9.6.1. How to produce protocol statistics (stats)
9.6.2. How to follow protocol streams
9.7. How to use conversations
9.8. idl2wrs: Creating dissectors from CORBA IDL files
9.8.1. What is it?
9.8.2. Why do this?
9.8.3. How to use idl2wrs
9.8.4. TODO
9.8.5. Limitations
9.8.6. Notes
10. Lua Support in Wireshark
10.1. Introduction
10.2. Example: Creating a Menu with Lua
10.3. Example: Dissector written in Lua
10.4. Example: Listener written in Lua
10.5. Example: Lua scripts with shared modules
11. Wireshark’s Lua API Reference Manual
11.1. Utility Functions
11.1.1. Global Functions
11.2. GUI Support
11.2.1. ProgDlg
11.2.2. TextWindow
11.2.3. Global Functions
11.3. Functions For New Protocols And Dissectors
11.3.1. Dissector
11.3.2. DissectorTable
11.3.3. Pref
11.3.4. Prefs
11.3.5. Proto
11.3.6. ProtoExpert
11.3.7. ProtoField
11.3.8. Global Functions
11.4. Obtaining Dissection Data
11.4.1. Field
11.4.2. FieldInfo
11.4.3. Global Functions
11.5. Obtaining Packet Information
11.5.1. Address
11.5.2. Column
11.5.3. Columns
11.5.4. NSTime
11.5.5. Pinfo
11.5.6. PrivateTable
11.6. Functions For Handling Packet Data
11.6.1. ByteArray
11.6.2. Tvb
11.6.3. TvbRange
11.7. Adding Information To The Dissection Tree
11.7.1. TreeItem
11.8. Post-Dissection Packet Analysis
11.8.1. Listener
11.9. Saving Capture Files
11.9.1. Dumper
11.9.2. PseudoHeader
11.10. Wtap Functions For Handling Capture File Types
11.10.1. Global Functions
11.11. Custom File Format Reading And Writing
11.11.1. CaptureInfo
11.11.2. CaptureInfoConst
11.11.3. File
11.11.4. FileHandler
11.11.5. FrameInfo
11.11.6. FrameInfoConst
11.11.7. Global Functions
11.12. Directory Handling Functions
11.12.1. Dir
11.12.2. Example
11.12.3. Example
11.13. Handling 64-bit Integers
11.13.1. Int64
11.13.2. UInt64
11.14. Binary encode/decode support
11.14.1. Struct
11.15. PCRE2 Regular Expressions
11.16. Bitwise Operations
12. User Interface
12.1. Introduction
12.2. The Qt Application Framework
12.2.1. User Experience Considerations
12.2.2. Qt Creator
12.2.3. Source Code Overview
12.2.4. Coding Practices and Naming Conventions
12.2.5. Other Issues and Information
12.3. Human Interface Reference Documents
13. Wireshark Tests
13.1. Quick Start
13.2. Test suite structure
13.2.1. Test Coverage And Availability
13.2.2. Suites, Cases, and Tests
13.2.3. pytest fixtures
13.3. Listing And Running Tests
13.4. Adding Or Modifying Tests
13.5. External Tests
13.5.1. Custom Fixtures
14. Creating ASN.1 Dissectors
14.1. About ASN.1
14.2. ASN.1 Dissector Requirements
14.2.1. Building An ASN.1-Based Plugin
14.3. Understanding Error Messages
14.4. Hand-Massaging The ASN.1 File
14.5. Command Line Syntax
14.6. Generated Files
14.7. Step By Step Instructions
14.8. Hints For Using Asn2wrs
14.8.1. ANY And Parameterized Types
14.8.2. Tagged Assignments
14.8.3. Untagged CHOICEs
14.8.4. Imported Module Name Conflicts
14.9. Simple ASN.1-Based Dissector
14.10. Conformance (.cnf) Files
14.10.1. Example .cnf File
14.10.2. Example packet-protocol-template.h File
14.10.3. Example packet-protocol-template.c File
14.11. Conformance File Directive Reference
14.11.1. #.END
14.11.2. #.EXPORTS
14.11.3. #.FN_BODY
14.11.4. #.MODULE_IMPORT And #.INCLUDE
14.11.5. #.MODULE_IMPORT
14.11.6. #.INCLUDE
14.11.7. #.NO_EMIT And #.USER_DEFINED
14.11.8. #.PDU and #.PDU_NEW
14.11.9. #.REGISTER and #.REGISTER_NEW
15. This Document’s License (GPL)