Wireshark Development

This is the development section of the Wireshark wiki.

Beginner?

If you are new to Wireshark development, please set up your build environment first:

• get the source code from the Wireshark development webpage

• Win32: the Developer's Guide is currently invaluable for setting up a Win32 development environment

• Unix-like: you may find information in the README.xxx file suitable for your target platform - in the root directory of the Wireshark sources

• Required Libraries and Packages: for essential and optional external dependencies on Unix and Windows, see the Library reference in the Wireshark Developer's Guide

Now it's time to tweak the code:

• doc/README.developer the best manual about Wireshark dissector development so far, you will also find that one in the documentation directory of the Wireshark sources - please read and thoroughly understand all of the "Portability" and "Robustness" sections before writing any Wireshark code!

• ... of course you should have a look at the Wireshark sources itself!

General

• Wireshark documentation webpage: the latest version of the Wireshark User's Guide and the Wireshark Developer's Guide in different formats (PDF, HTML, ...)

• /LifeCycle: Life Cycle information on Wireshark releases

• /Roadmap: Roadmap for upcoming Wireshark releases

• /Wishlist: Wish list for internal features and architectural changes (as opposed to user-visible features WishList)

• SendingFilesToWireshark: Tips on sending files to the Wireshark mailing lists

• /Translations: Why it's not a good idea to translate Wireshark into spanish/german/... language

Development

• CreatingPatches: Tips on creating patches before submitting them

• /SubmittingPatches: Introduction to using Git & Gerrit to submit and review patches

• /SecureProgramming How to write more secure code, e.g. replace insecure ANSI-C calls by more secure ones

• /CommonProblems: Some common problems while developing Wireshark

• /Tips: Some selected wisdom to ease development/debugging

• /FilenameEncoding: the various Unicode and code page encodings of filenames in GLib

• Lua: Extending Wireshark with the extensible extension language

• /LibpcapFileFormat A libpcap file format description

• /Canary Finding and fixing memory over- and under-runs with canaries

• Generic dissector (http://wsgd.free.fr/) : display clearly your data inside wireshark without any code

• pyreshark: A Wireshark plugin providing a simple interface for writing dissectors in Python.

• /Support_library_version_tracking A page for tracking what OS distributions came with what versions of various libraries with which Wireshark is built

• /WindowsLibs Describes how Windows libraries are built and the procedure for updating those.

• /StringHandling How string handling should work in Wireshark (ie encoding support, how to deal with invalid strings, etc)

Projects

Design ideas

• WiretapPcapng Changes to wiretap to support pcapng

• HighSpeedCapturing High speed capturing improvements

• DecryptionBlock Define a pcapng decryption block and use it to save decryption information in the file.

• PrefBlock Define a pcapng block to store the preference settings needed to view the file.

• PrivacySettings Add privacy settings to determine what to put in a pcapng file.

• Reduce memory footprint Ideas on how to find the memory hogs and reduce the memory usage

In progress

• /CustomColumnfication An ongoing project concerning predefined columns -> custom column migration

• /PrivilegeSeparation: A proposal to add privilege separation to Wireshark

• Mate: Meta Analysis and Tracing Engine

• /Security: Efforts to make Wireshark more secure

• /ExpertInfo: a better "user display" of network misbehaviour

• /PacketInput: how to get packet data into Wireshark in some "unusual" ways

• /OptimizePacketList: the packet list isn't optimized for the way we use it, could make a huge difference for large capture files

• /CSVExport: Formats and problems with exporting into the CSV format

• /multithreading: a list of what needs to be done in order to achieve it

• /SNMP: reworking of OID handling and SNMP dissector

• /Optimization: A patch for a faster but maybe slightly broken wireshark

• /FastFiltering: A patch for fast packet filtering interactively

• /PcapNg: Read/Write the "PCAP Next Generation Dump File Format" or pcapng

• Python : Extending Wireshark with Python

• SharkTools: A project that provides "matshark" and "pyshark", which integrate Wireshark's packet dissection engine into Matlab and Python.

Completed

• /DropWin32GTK1: Thoughts about dropping GTK1 support on Win32

• /PatchHandling: Changing patch handling policy

• /Examples: Example files, which are used by the various installers as default files

• ReplaceDeprecatedGtkGLibFunctionUsage: An ongoing project to replace use of deprecated GTK and GLib functions.

• GoingGTK3: A project to prepare the Shark to migrate from GTK+ 2 to GTK+ 3

• /QtShark: Qt based version of Wireshark.

• /Update: Check version and Update Wireshark on a frequent basis

Tools

• Asn2wrs: How to create a dissector using the ASN.1 compiler

• /WiresharkEnvCmd: A batch script to set environment variables useful for Windows development on older 1.12.x or earlier versions

• idl2wrs: CORBA IDL to Wireshark Plugin Generator idl2wrs

• FuzzTesting: tools to stress test protocol dissectors

• Pidl: A perl-based DCE/RPC IDL compiler (and Wireshark dissector generator) developed for Samba 4

• /CodeCoverage: check how much of your code is covered by the test cases

• /SourceMovie: generate a movie about code repository history

Discussion

CategoryCategory