Write a Wireshark plug-in for private protocols
I wrote a Wireshark plug-in (a dissector) for the company's private protocol. With it, captured packets can be read directly in Wireshark, which makes development and debugging much easier.
First, compiling Wireshark itself is quite difficult. Even following write-ups from the web and Wireshark's official developer guide, I ran into a lot of errors, and the wireshark.exe produced at the end could not be executed... Fortunately, the compiled plug-ins can still be used :)
There are many pitfalls, omissions, and notes that the online documents do not mention.
For example, you can use an svn client to check out the Wireshark code. However, when the checked-out code lands on Windows it may end up in DOS format, and characters the compiler cannot recognize may appear. You can of course run a command such as dos2unix over every file at that point, but I think it is better to download a stable release source archive directly from the official Wireshark website; if you download and unpack that, the problem does not occur.
Another example: add cygwin's bin directory to the PATH environment variable, otherwise you get an error complaining that bash is not recognized.
There is also an msvcr DLL path in config.nmake. The default path is for the English version of Visual Studio; if you have the Chinese version installed, you need to change it accordingly.
There is a GeoIP database library that seems to be broken when VS 2003 is used: at link time you get an error that the msvcr library for vc90 cannot be found. I simply removed the optional GeoIP library from the makefile and, in the source code where GeoIP is referenced, #undef'd the corresponding macro. After that the build finally succeeded, and the generated Wireshark executable also ran.
Of course, you also need to write the plug-in's makefile, become familiar with the protocol's message format, and read the developer guide on how to write a plug-in.
Once the plug-in is written, it is very convenient for preliminary use during project testing: you can quickly see the effect of the code and check that it is correct.
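As an added example (not code from the original post), here is a minimal dissector for a constructed private protocol, written as a Wireshark Lua script rather than the compiled C plug-in the post builds, since it shows the same dissector structure without the build hassle. The "XPRIV" name, the 6-byte header layout and UDP port 31337 are assumptions; the point is what every private-protocol dissector needs: registered fields, length checks that never trust the declared payload length, and expert info that flags malformed frames.

```lua
-- Constructed example: hypothetical private protocol "XPRIV" over UDP port 31337.
-- Header (big-endian): magic(2)=0x5850, version(1), msg_type(1), length(2), then payload.
local xpriv = Proto("xpriv", "XPRIV Private Protocol (example)")

local f_magic   = ProtoField.uint16("xpriv.magic",   "Magic",          base.HEX)
local f_version = ProtoField.uint8 ("xpriv.version", "Version",        base.DEC)
local f_type    = ProtoField.uint8 ("xpriv.type",    "Message type",   base.DEC,
                                    { [1] = "HELLO", [2] = "DATA", [3] = "BYE" })
local f_length  = ProtoField.uint16("xpriv.length",  "Payload length", base.DEC)
local f_payload = ProtoField.bytes ("xpriv.payload", "Payload")
xpriv.fields = { f_magic, f_version, f_type, f_length, f_payload }

-- Expert info entries so malformed traffic shows up in Analyze > Expert Information.
local ef_short = ProtoExpert.new("xpriv.short", "Truncated XPRIV message",
                                 expert.group.MALFORMED, expert.severity.ERROR)
local ef_magic = ProtoExpert.new("xpriv.badmagic", "Bad magic, not XPRIV",
                                 expert.group.MALFORMED, expert.severity.WARN)
xpriv.experts = { ef_short, ef_magic }

local HDR_LEN = 6

function xpriv.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "XPRIV"
    local subtree = tree:add(xpriv, tvb(), "XPRIV Message")
    -- Bounds check before touching any header byte.
    if tvb:len() < HDR_LEN then
        subtree:add_proto_expert_info(ef_short)
        return 0
    end
    if tvb(0, 2):uint() ~= 0x5850 then
        subtree:add_proto_expert_info(ef_magic)
        return 0
    end
    subtree:add(f_magic,   tvb(0, 2))
    subtree:add(f_version, tvb(2, 1))
    subtree:add(f_type,    tvb(3, 1))
    local plen = tvb(4, 2):uint()
    subtree:add(f_length,  tvb(4, 2))
    -- Never trust the declared length: clamp to what is actually in the buffer.
    local avail = tvb:len() - HDR_LEN
    if plen > avail then
        subtree:add_proto_expert_info(ef_short)
        plen = avail
    end
    if plen > 0 then subtree:add(f_payload, tvb(HDR_LEN, plen)) end
    pinfo.cols.info = string.format("type=%d len=%d", tvb(3, 1):uint(), plen)
    return HDR_LEN + plen
end

DissectorTable.get("udp.port"):add(31337, xpriv)
```

Drop the file into Wireshark's personal plugins directory (or load it with `-X lua_script:`) and any UDP traffic on the assumed port is decoded, with truncated or mis-tagged frames highlighted instead of silently mis-parsed.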