On Wireshark plugin development.

After writing your dissector source (in C), the remaining work is compiling it. Building Wireshark on Windows is relatively involved; once the DLL has been produced, copy it into the plugins directory of your Wireshark installation (plugins\<version> under the install directory; Wireshark does not pick up DLLs dropped into the top-level directory). On Linux the build is simple: ./autogen.sh, ./configure, make, make install, and Wireshark is ready to use.

See the Wireshark Developer's Guide: http://www.wireshark.org/docs/wsdg_html_chunked/ChapterIntroduction.html

1.0 Introduction

Wireshark is a powerful open source tool used to dissect network packets. Have you ever wondered what it takes to implement your own custom dissector? Furthermore, have you attempted to learn Wireshark's API and found it difficult to understand? This article will attempt to demystify the development of your very own protocol dissector. This article uses Amin Gholiha's "A Simple IOCP Server/Client class" as a basis for dissection, thus producing the AMIN protocol.

1.1 Requirements

  • This article expects the reader to be familiar with structured C and TCP/IP.
  • The source code has been designed to compile on Windows. A Linux version of this article may be produced at another time.
  • A basic knowledge of how to use Wireshark to capture packets.
  • A C/C++ compiler: VS2005, VS2003, VC++ 6 or VS2005 Express Edition.

2.0 Configure Wireshark Build Environment (Win32)

The Wireshark Developer's Guide features a section on setting up the Win32 environment, which I found to be invaluable. This section will paraphrase much of the information found there.

Step 1. C Compiler

If you do not have VS2005/VS2003 etc., you will need to download and install "Visual C++ 2005 Express Edition".

Step 2. Platform SDK

You must download and install the Platform SDK for Windows Server 2003 R2.

Step 3. Install Cygwin

This guide will not go into great detail about the Cygwin package. In short, it provides the Unix tools (bash, bison, flex, perl, patch, wget and so on) that the Wireshark build scripts depend on, so the same build machinery that runs on Linux can also run on Windows.
Download the Cygwin installer and start it.

At the "Select Packages" page, you will need to select some additional packages which are not installed by default. Navigate to the required Category/Package row, and click on the "Skip" item in the "New" column so it shows a version number for:

  • Archive/unzip
  • Devel/bison
  • Devel/flex
  • Interpreters/perl
  • Utils/patch
  • Web/wget

After clicking the Next button several times, the setup will then download and install the selected packages (this may take a while).

Step 4. Install Python

Get the Python 2.4 installer and install Python into the default location. Note: Python 2.5 doesn't work out of the box, so avoid it.


Edit config.nmake

Before building, check or change the following variables in config.nmake at the top of the Wireshark source tree:

| Variable       | Value                                         | Note |
|----------------|-----------------------------------------------|------|
| WIRESHARK_LIBS | The location of your Wireshark libraries      | |
| MSVC_VARIANT   | Your version of Microsoft Visual C++          | |
| GTK1_DIR       | $(WIRESHARK_LIBS)/gtk+                        | Comment this line out with # if you plan to use the current GTK 2 |
| GTK2_DIR       | $(WIRESHARK_LIBS)/gtk2                        | Default |
| CYGWIN_PATH    | The path of the Cygwin bin directory          | |
| PYTHON         | The path of python                            | You can install a standalone Python, or use the python in Cygwin/bin |
| MAKENSIS       | The path of makensis                          | Comment this line out with # if you haven't installed NSIS (MakeNSIS) |
| HHC_DIR        | $(PROGRAM_FILES)/HTML Help Workshop/          | Comment this line out with # if you haven't installed HTML Help Workshop |
| INSTALL1_DIR   | wireshark-gtk1                                | Comment this line out with # if you don't want to build the GTK 1 version of Wireshark |

Table 1. Configuration changes

Verify that all tools are available

Open a command window and switch to the bin directory of your Visual C++ installation (for Visual Studio .NET 2003 this is C:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\bin).

Run vcvars32.bat in that window; it puts the compiler, linker and nmake on the PATH and sets the INCLUDE and LIB variables.

Do not close this command window: every command that follows must be executed in the same window, because the environment set by vcvars32.bat is not inherited by a new one.

Then, in the same window, switch to the directory of the Wireshark source code and execute this command to verify the tools:

nmake -f makefile.nmake verify_tools

HTTP Proxy Setting (these two steps can be skipped: download the library packages (zip format) yourself and put them in WIRESHARK_LIBS).

Before downloading the Wireshark libraries, you need to set an HTTP proxy if you cannot reach the Wireshark library server directly.

Create a new System Variable named HTTP_PROXY whose value is your proxy address (like http://wtd.xxx.com/proxy.pac). Note that the download step uses wget, which expects a proxy URL of the form http://host:port/ in this variable and does not evaluate proxy auto-config (.pac) scripts; if your network only publishes a PAC file, open it and use the proxy host and port it names.

Download the Wireshark Library

Execute this command to download library with wget.

nmake -f makefile.nmake setup

Normally it takes about 30 minutes to download all libraries. When it finishes, it will tell you it’s ready to build Wireshark now.

Build Wireshark

Before building, execute this command to remove the temporary files of any previous build:

nmake -f makefile.nmake distclean

Then execute this command to build Wireshark:

nmake -f makefile.nmake all

That basically completes it; this compiled successfully with Wireshark 1.0.4 and Visual Studio .NET 2003.

As for Your Dissector Code, the sources of the other plugins (the plugins/ directory of the Wireshark source tree) are the best reference. For example, here is the header-field table (hf_register_info) of a dissector that registers three fields; the filter prefix must be the same for every field and match the protocol's filter name, and a string field has no numeric display base:

    /* One handle per field; proto_register_field_array() fills them in */
    static int hf_payloadlen = -1;
    static int hf_peeridlen  = -1;
    static int hf_peerid     = -1;

    /* { name, filter abbreviation, type, display base, value strings, bitmask, blurb, HFILL } */
    static hf_register_info hf[] = {
        { &hf_payloadlen,
          { "PayloadLen          ", "reload.payloadlen", FT_UINT24, BASE_HEX_DEC, NULL, 0x0, "payload payloadlen", HFILL } },
        { &hf_peeridlen,
          { "PeerID Length       ", "reload.peeridlen",  FT_UINT16, BASE_HEX_DEC, NULL, 0x0, "payload peeridlen",  HFILL } },
        { &hf_peerid,
          /* FT_STRING takes BASE_NONE: strings have no hex/decimal display base */
          { "PeerID              ", "reload.peerid",     FT_STRING, BASE_NONE,    NULL, 0x0, "payload peerid",     HFILL } },
    };
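The hf table only declares how each field is displayed and filtered; the dissect function still has to walk the packet and decide how many bytes each field occupies, and the PeerID length is a value taken from the packet itself. The following is an added example, not code from this page or from any Wireshark plugin: a stand-alone C parser for the three fields the table declares (a 24-bit payload length, a 16-bit PeerID length and the PeerID bytes), read big-endian in that order. The field order and the PEERID_MAX bound are assumptions; the page does not state the wire layout. In a real plugin the reads correspond roughly to tvb_get_ntoh24(), tvb_get_ntohs() and proto_tree_add_item(), and the tvb API raises an exception when a read runs past the captured data; the comparison of peeridlen against the bytes actually present is still the check to make before the value is used as a copy length, loop bound or allocation size.

```c
/* Added example: a stand-alone model of the field walk a dissector performs
 * for the three fields in the hf table above. Field order (payloadlen,
 * peeridlen, peerid) and PEERID_MAX are assumed; the page does not state them. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PEERID_MAX 64   /* assumed upper bound on a PeerID, not from the page */

typedef struct {
    uint32_t payloadlen;             /* 24-bit, big-endian (FT_UINT24) */
    uint16_t peeridlen;              /* 16-bit, big-endian (FT_UINT16) */
    char     peerid[PEERID_MAX + 1]; /* FT_STRING, copied and NUL-terminated */
    size_t   consumed;               /* bytes this header occupied */
} amin_hdr_t;

/* Returns 0 on success, -1 if the buffer is shorter than the length fields
 * claim, -2 if peeridlen exceeds the bound we are willing to copy. */
int amin_parse(const uint8_t *buf, size_t len, amin_hdr_t *out)
{
    size_t off = 0;

    if (len < 3 + 2)                     /* fixed part: 3 + 2 bytes */
        return -1;

    /* tvb_get_ntoh24() equivalent: three bytes, network byte order */
    out->payloadlen = ((uint32_t)buf[0] << 16) | ((uint32_t)buf[1] << 8) | buf[2];
    off += 3;

    /* tvb_get_ntohs() equivalent */
    out->peeridlen = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    off += 2;

    /* peeridlen came from the packet: check it against the bytes we have
     * before using it as a copy length or loop bound. */
    if (out->peeridlen > len - off)
        return -1;
    if (out->peeridlen > PEERID_MAX)
        return -2;

    memcpy(out->peerid, buf + off, out->peeridlen);
    out->peerid[out->peeridlen] = '\0';
    off += out->peeridlen;

    out->consumed = off;
    return 0;
}

int main(void)
{
    /* Constructed sample: payloadlen = 0x000010, peeridlen = 4, peerid = "ab12" */
    static const uint8_t good[] = { 0x00, 0x00, 0x10, 0x00, 0x04, 'a', 'b', '1', '2' };
    /* Constructed malformed sample: claims 0x0200 PeerID bytes but carries 2 */
    static const uint8_t bad[]  = { 0x00, 0x00, 0x10, 0x02, 0x00, 'a', 'b' };
    amin_hdr_t h;

    if (amin_parse(good, sizeof good, &h) == 0)
        printf("payloadlen=%u peeridlen=%u peerid=%s consumed=%zu\n",
               h.payloadlen, h.peeridlen, h.peerid, h.consumed);
    if (amin_parse(bad, sizeof bad, &h) != 0)
        printf("malformed: peeridlen larger than the remaining bytes\n");
    return 0;
}
```

The two constructed samples exercise the normal path and the failure mode: the second packet declares a PeerID of 512 bytes with only two present, and the parser rejects it instead of reading past the buffer. The explicit bound on peeridlen matters for a desegmenting TCP dissector, where a length field is also what you would hand to the reassembly code.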



