To build Wireshark refer to these resources:
- Windows: https://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html
- Linux: https://gist.github.com/syneart/2d30c075c140624b1e150c8ea318a978
There are 2 options for integrating an X-Plane dissector into Wireshark:
-
As a plugin (quickest recompile during development)
- Copy
packet-xplane.candCMakeLists.txtintowireshark\private_plugins\xplane - Copy
wireshark\CMakeListsCustom.txt.exampletowireshark\CMakeListsCustom.txt - Edit
wireshark\CMakeListsCustom.txtand changeprivate_plugins/footoprivate_plugins/xplaneand uncomment the line - Rerun from the cmake step.
- Copy
-
Within the main libwireshark.dll dissector library
- Copy
packet-xplane.cintowireshark\epan\dissectors - Copy
wireshark\epan\dissectors\CMakeListsCustom.txt.exampletowireshark\epan\dissectors\CMakeListsCustom.txt - Edit
wireshark\epan\dissectors\CMakeListsCustom.txtand changepacket-foo.ctopacket-xplane.cand uncomment the line. - Rerun from the cmake step.
- Copy
For more information on writing wireshark dissectors refer to the wireshark\doc\README.subject files.
Download the release that is appropriate for your version of Wireshark.
To find your version goto Menu->Help->About Wireshark->Wireshark and check the topmost line. Only the first 2 numbers (Major and Minor) are important. e.g. 3.4.
Copy the plugin into one of the following folders:
- Wireshark's Personal_Plugins_Folder\epan\
- Wireshark's Global_Plugins_Folder\epan\
- Your wireshark\plugins\ version \epan\ folder.
I recommend the Personal_Plugins_Folder as this is not cleared by wireshark updates.
The folders can be found via Menu -> Help -> About Wireshark -> Folders -> Personal Plugins
Restart Wireshark if already running.
You can check Wireshark has loaded the plugin via Menu->Help->About Wireshark->Plugins Tab. The name will be xplane with a type of dissector.
Developed and tested on Windows 10+11 and Microsoft Visual Studio 2019/2022
Linux testing on Ubuntu 20.04.1 and WSL2 (Ubuntu and Debian)
The proto declaration is "xplane" and the protofields have been added using the format xplane.$header$.$element$".
So to view only BECN packets the display filter will be "xplane.becn"
Conversely to see all packet except BECN (as there are so many) filter on "xplane && !xplane.becn"
To only see those DATA packets with an index of 0 (Frame Rate Info) filter on "xplane.data.index == 0"
[X] Add releases for Windows 3.4, Ubuntu 3.2.
[X] Use wireshark's expert mechanism instead of validate_packet() just returning 0.
[ ] Add descriptive lookups for DATA packets.
[X] Track RREF's.