Wireshark-users: Re: [Wireshark-users] How does Wireshark implement protocol stack?
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Mon, 19 Dec 2011 15:23:05 +0100
On 2011-12-19 13:45, 吴斌斌 wrote:

Hi there:
My team is now working on a data capture device.
We can get all data from wire, from LLC layer to application layer. But we don't know how to parse packets. I know Wireshark allows developers to reach their own protocol parser based on protocol charectoristics, ports or so. You must have designed a high-performance packet parser. So what
is it? Which license is it under?
THANK YOU.

Hi,

Several avenues to choose from. First of all subscribe to the developer mailing list (this message is on the users mailing list). That's were the interesting development stuff is happening. Second it's good to familiarize yourself with the developers guide (found on the Wireshark website). Have a look at the SharkFest presentations to get a feel for things. Then you have to look into the form in which you want to create your protocol dissector: plain C (most powerfull?), ASN.1, Lua, Python. Please be aware that plain C is best supported, there's even a generator for that, ASN.1 requires you to write a template for a dissector compiler and your ASN.1 definition of course. Lua support is coming along nicely, Python support is somewhat experimental. Some more information can be found on the Wiki. As for licensing, everything linked to Wireshark is covered by GPLv2, as is Wireshark. That means that distribution requires making your source code available too. So if you keep things for yourself, you're fine.

Thanks,
Jaap