On Mon, Mar 16, 2020 at 7:37 AM Ankish Shah <ankishshah998...@gmail.com>
wrote:

> I've downloaded and built Wireshark on an Ubuntu machine and I was going
> through the documentation on building new dissectors.
> I have a couple of doubts.
> 1. When I write code for a new dissector, do I have to build the entire
> wireshark once again (it takes around 10-12 mins on my system), or is there
> any option to compile only the new files and see the results?
>

The build system just compiles what changed on disk. You can skip the
linking phase, if you want to just compile your dissector, by issuing
make/ninja epan/dissectors/CMakeFiles/dissectors.dir/packet-dns.c.o (to
compile packet-dns.c, for instance). But this won't give you a fully
functional Wireshark; it just serves to check whether your dissector compiles.


> 2. Once I code new dissectors, how do I test it using wireshark? For
> example, if you create a dissector to capture packets on port '12345' and
> the packet includes a flag bit and an ipv4 address, how do you actually
> create the packet, send it on port 12345 and see the results on wireshark?
>

You have a bunch of options here, from writing a pcap file manually yourself,
to writing your payload manually and sending it through the network with netcat,
to using high-level software such as scapy. It really depends on your
knowledge of the protocol and on your confidence with raw hex writing.
Wireshark doesn't provide support for writing sample captures. My suggestion
is: start from an existing capture (in pcap format, that is easier), modify
it with a hex editor such as ghex2 on Ubuntu, and open it from disk with
Wireshark, without involving the network. After all, you're working on a
dissector that works both on captured and on saved traffic.
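The "write a pcap file manually" route from the reply, as an added example that is not part of the thread and not Wireshark project code: a stdlib-only Python script that writes a minimal pcap (Ethernet/IPv4/UDP) carrying the hypothetical protocol from the question, one flag byte followed by a 4-byte IPv4 address on UDP port 12345, then reads the file back and decodes it so the frame can be checked before it is opened in Wireshark. The MAC and IP addresses, IP identification field and timestamps are constructed values; the payload layout is an assumption, since the question does not define a real wire format.

```python
import socket
import struct
import tempfile

# pcap constants: classic (non-pcapng) file, microsecond timestamps, Ethernet link type
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def ip_checksum(data: bytes) -> int:
    """Standard one's-complement checksum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_payload(flag: bool, addr: str) -> bytes:
    """Hypothetical protocol body: one flag byte (bit 0) + IPv4 address in network order."""
    return struct.pack("!B4s", 1 if flag else 0, socket.inet_aton(addr))


def build_udp_frame(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Wrap a payload in Ethernet + IPv4 + UDP headers; addresses are constructed sample values."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"  # dst, src, IPv4
    udp_len = 8 + len(payload)
    # UDP checksum 0 means "not computed", which is legal over IPv4 and avoids the pseudo-header here
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + udp_len, 0x1234, 0, 64, 17, 0,  # ver/ihl, tos, len, id, flags/frag, ttl, proto=UDP, csum=0
        socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
    )
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    return eth + ip_hdr + udp


def write_pcap(path: str, frames: list) -> None:
    """Write a little-endian pcap global header followed by one record per frame."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            ts_sec = 1584340000 + i  # constructed timestamp, one second apart
            f.write(struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path: str) -> list:
    """Minimal reader for the file format written above; returns the raw frames."""
    with open(path, "rb") as f:
        data = f.read()
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap")
    frames, off = [], 24
    while off < len(data):
        _, _, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        frames.append(data[off:off + incl_len])
        off += incl_len
    return frames


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet/IPv4/UDP and the toy payload the way a dissector would see it."""
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if ip[9] != 17:
        raise ValueError("not UDP")
    sport, dport, ulen, _ = struct.unpack("!HHHH", frame[14 + ihl:14 + ihl + 8])
    payload = frame[14 + ihl + 8:14 + ihl + ulen]
    flag, addr = struct.unpack("!B4s", payload[:5])
    return {
        "ip_checksum_ok": ip_checksum(ip) == 0,  # recomputing over a valid header yields 0
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "src_port": sport,
        "dst_port": dport,
        "flag": bool(flag & 1),
        "addr": socket.inet_ntoa(addr),
    }


def roundtrip(path: str = None) -> list:
    """Write two sample frames to a pcap, read them back, and return the decoded fields."""
    if path is None:
        path = tempfile.mktemp(suffix=".pcap")
    frames = [
        build_udp_frame("10.0.0.1", "10.0.0.2", 40000, 12345, build_payload(True, "192.0.2.10")),
        build_udp_frame("10.0.0.1", "10.0.0.2", 40001, 12345, build_payload(False, "198.51.100.7")),
    ]
    write_pcap(path, frames)
    return [parse_frame(f) for f in read_pcap(path)]


if __name__ == "__main__":
    for rec in roundtrip("sample12345.pcap"):
        print(rec)
```

Running the script produces `sample12345.pcap`, which can be opened from disk with Wireshark or `tshark -r sample12345.pcap` without any traffic on the network, matching the reply's suggestion. Because the file is rewritten from code rather than patched in a hex editor, the IPv4 header checksum is recomputed on every change, so a "bad checksum" warning in Wireshark points at a real mistake in the frame rather than at a stale byte.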
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
