Wireshark Developer’s Guide
Table of Contents
Preface
1. Foreword
2. Who should read this document?
3. Acknowledgements
4. About this document
5. Where to get the latest copy of this document?
6. Providing feedback about this document
7. Typographic Conventions
I. Wireshark Build Environment
1. Introduction
1.1. Introduction
1.2. What is Wireshark?
1.3. Supported Platforms
1.4. Development and maintenance of Wireshark
1.5. Releases and distributions
1.6. Automated Builds (Buildbot)
1.7. Reporting problems and getting help
2. Quick Setup
2.1. UNIX: Installation
2.2. Win32/64: Step-by-Step Guide
3. Work with the Wireshark sources
3.1. Introduction
3.2. The Wireshark Git repository
3.3. Obtain the Wireshark sources
3.4. Update the Wireshark sources
3.5. Build Wireshark
3.6. Run generated Wireshark
3.7. Debug your generated Wireshark
3.8. Make changes to the Wireshark sources
3.9. Contribute your changes
3.10. Apply a patch from someone else
3.11. Binary packaging
4. Tool Reference
4.1. Introduction
4.2. Chocolatey
4.3. Windows: Cygwin
4.4. CMake
4.5. GNU compiler toolchain (UNIX and UNIX-like platforms only)
4.6. Microsoft compiler toolchain (Windows native)
4.7. Documentation Toolchain
4.8. bash
4.9. Python
4.10. Perl
4.11. Bison
4.12. Flex
4.13. Git client
4.14. Git Powershell Extensions (optional)
4.15. Git GUI client (optional)
4.16. patch (optional)
4.17. Windows: NSIS (optional)
4.18. Windows: PortableApps (optional)
5. Library Reference
5.1. Introduction
5.2. Binary library formats
5.3. Win32: Automated library download
5.4. Qt
5.5. GTK+ / GLib / GDK / Pango / ATK / GNU gettext / GNU libiconv
5.6. SMI (optional)
5.7. c-ares (optional)
5.8. zlib (optional)
5.9. libpcap/WinPcap (optional)
5.10. GnuTLS (optional)
5.11. Gcrypt
5.12. Kerberos (optional)
5.13. LUA (optional)
5.14. PortAudio (optional)
5.15. MaxMindDB (optional)
5.16. WinSparkle (optional)
II. Wireshark Development
6. How Wireshark Works
6.1. Introduction
6.2. Overview
6.3. Capturing packets
6.4. Capture Files
6.5. Dissect packets
7. Introduction
7.1. Source overview
7.2. Coding Style
7.3. The GLib library
8. Packet capturing
8.1. How to add a new capture type to libpcap
9. Packet dissection
9.1. How it works
9.2. Adding a basic dissector
9.3. How to handle transformed data
9.4. How to reassemble split packets
9.5. How to tap protocols
9.6. How to produce protocol stats
9.7. How to use conversations
9.8. idl2wrs: Creating dissectors from CORBA IDL files
10. Lua Support in Wireshark
10.1. Introduction
10.2. Example of Dissector written in Lua
10.3. Example of Listener written in Lua
11. Wireshark’s Lua API Reference Manual
11.1. Saving capture files
11.2. Obtaining dissection data
11.3. GUI support
11.4. Post-dissection packet analysis
11.5. Obtaining packet information
11.6. Functions for new protocols and dissectors
11.7. Adding information to the dissection tree
11.8. Functions for handling packet data
11.9. Custom file format reading/writing
11.10. Directory handling functions
11.11. Utility Functions
11.12. Handling 64-bit Integers
11.13. Binary encode/decode support
11.14. GLib Regular Expressions
12. User Interface
12.1. Introduction
12.2. The Qt Application Framework
12.3. The GTK library
12.4. Human Interface Reference Documents
12.5. Adding/Extending Dialogs
12.6. Widget naming
12.7. Common GTK programming pitfalls
13. This Document’s License (GPL)
List of Figures
6.1. Wireshark function blocks
List of Tables
1. Typographic Conventions
List of Examples
9.1. Dissector Initialisation.
9.2. Dissector Handoff.
9.3. Dissection.
9.4. Plugin Packet Dissection.
9.5. Registering data structures.
9.6. Dissector data structure globals.
9.7. Dissector starting to dissect the packets.
9.8. Wrapping up the packet dissection.
9.9. Naming the packet types.
9.10. Adding Names to the protocol.
9.11. Adding Flags to the protocol.
9.12. Enhancing the display.
9.13. Decompressing data packets for dissection.
9.14. Reassembling fragments - Part 1
9.15. Reassembling fragments part 2
9.16. Reassembling fragments - Initialisation
9.17. Reassembling fragments - Data
9.18. Reassembling TCP fragments
9.19. Initialising a tap
9.20. Calling a protocol tap
9.21. Initialising a stats interface
9.22. Initialising a stats session
9.23. Generating the stats