
Writing Wireshark Plugins in C

tags: n900, wireshark, phonet, isi, c 2010-10-05 02:38 by sre

After some time writing the phonet dissector for Wireshark in Lua, I noticed the disadvantages:

So I tried the C interface. I found the basic structure for plugins pretty fast in their documentation and thought about some design changes in the plugin:

A word and a blow. The new plugin is available in this isi-wireshark-plugin repository.

GPS Resource

I took a deeper look at these packets and found the time and date information in the GPS data packets. Then I found out that some guy from the Maemo community had already reverse engineered quite some stuff about it, and added all that to the plugin. The dissection of a GPS packet now looks as follows:

[Screenshot: wireshark-gps]

So the basic features of GPS are available (position, date/time, movement). Missing though are status fields, satellite information and AGPS stuff.

Update (17.10.2010 17:21:00 +0200):

The guy from the Maemo community, Luke Dashjr, who reverse engineered the GPS data packet, contacted me the other day and told me he found out about the missing bits, so I’m pleased to announce that the Wireshark plugin does know about satellite info now. The only missing bit is A-GPS!