Wireshark Development

This is the development section of the Wireshark wiki.


If you are new to Wireshark development, please set up your build environment first:

Now it's time to tweak the code:

  • doc/README.developer the best manual about Wireshark dissector development so far, you will also find that one in the documentation directory of the Wireshark sources - please read and thoroughly understand all of the "Portability" and "Robustness" sections before writing any Wireshark code!

  • … of course you should have a look at the Wireshark sources itself!


  • Wireshark documentation webpage: the latest version of the Wireshark User's Guide and the Wireshark Developer's Guide in different formats (PDF, HTML, …)

  • LifeCycle: Life Cycle information on Wireshark releases

  • Roadmap: Roadmap for upcoming Wireshark releases

  • Wishlist: Wish list for internal features and architectural changes (as opposed to user-visible features WishList)

  • SendingFilesToWireshark: Tips on sending files to the Wireshark mailing lists

  • Translations: Why it's not a good idea to translate Wireshark into spanish/german/… language



  • Creating Patches: Tips on creating patches before submitting them

  • Submitting Patches: Introduction to using Git & GitLab to submit and review patches

  • Secure Programming How to write more secure code, e.g. replace insecure ANSI-C calls by more secure ones

  • Common Problems: Some common problems while developing Wireshark

  • Tips: Some selected wisdom to ease development/debugging

  • Libpcap File Format A libpcap file format description

  • Canary Finding and fixing memory over- and under-runs with canaries

  • pyreshark: A Wireshark plugin providing a simple interface for writing dissectors in Python.

  • Support library version tracking A page for tracking what OS distributions came with what versions of various libraries with which Wireshark is built

  • Windows Libraries Describes how Windows libraries are built and the procedure for updating those.

Character encodings

  • Character encodings: Character encodings used in Wireshark and the systems on which Wireshark runs

  • Platform string encoding: Dealing with non-UTF-8 strings other than strings in packets, such as file names and environment variables

Non-C dissectors

  • Lua: Extending Wireshark with the extensible extension language

  • Generic dissector (http://wsgd.free.fr/) : display clearly your data inside wireshark without any code


Design ideas

In progress

  • Custom Columnfication An ongoing project concerning predefined columns -> custom column migration

  • Privilege Separation: A proposal to add privilege separation to Wireshark

  • Mate: Meta Analysis and Tracing Engine

  • Security: Efforts to make Wireshark more secure

  • Packet Input: how to get packet data into Wireshark in some "unusual" ways

  • String handling in dissectors How string handling should work in Wireshark (ie encoding support, how to deal with invalid strings, etc)

  • Optimize PacketList: the packet list isn't optimized for the way we use it, could make a huge difference for large capture files

  • CSV Export: Formats and problems with exporting into the CSV format

  • Multithreading: a list of what needs to be done in order to achieve it

  • SNMP: reworking of OID handling and SNMP dissector

  • Optimization: A patch for a faster but maybe slightly broken wireshark

  • Fast Filtering: A patch for fast packet filtering interactively

  • Pcapng: Read/Write the "PCAP Next Generation Dump File Format" or pcapng

  • Python : Extending Wireshark with Python

  • SharkTools: A project that provides "matshark" and "pyshark", which integrate Wireshark's packet dissection engine into Matlab and Python.


  • DropWin32GTK1: Thoughts about dropping GTK1 support on Win32

  • Patch Handling: Changing patch handling policy

  • Examples: Example files, which are used by the various installers as default files

  • Replace Deprecated Gtk and GLib Function Usage: An ongoing project to replace use of deprecated GTK and GLib functions.

  • Going GTK3: A project to prepare the Shark to migrate from GTK+ 2 to GTK+ 3

  • QtShark: Qt based version of Wireshark.

  • sharkd: A program that makes Wireshark capabilities available via a programmatic interface.

  • Update: Check version and Update Wireshark on a frequent basis


  • Asn2wrs: How to create a dissector using the ASN.1 compiler

  • WiresharkEnvCmd: A batch script to set environment variables useful for Windows development on older 1.12.x or earlier versions

  • idl2wrs: CORBA IDL to Wireshark Plugin Generator idl2wrs

  • Fuzz Testing: tools to stress test protocol dissectors

  • Pidl: A perl-based DCE/RPC IDL compiler (and Wireshark dissector generator) developed for Samba 4

  • /CodeCoverage: check how much of your code is covered by the test cases

  • /SourceMovie: generate a movie about code repository history


Imported from https://wiki.wireshark.org/Development on 2020-08-11 23:12:38 UTC