Creating a dissector for other Wireshark versions #6

Open
cpoore1 opened this issue Sep 5, 2022 · 6 comments
Comments

cpoore1 commented Sep 5, 2022

I really like this tool but I'm struggling to get the dissector to work for other versions of Wireshark beyond 3.4. I've tried adjusting different values in files within the dissector folder but I haven't had any luck. Do you have any suggestions to get h4bcm.so working for some of the newer versions?

Matheus-Garbelini (Owner) commented Sep 7, 2022

Hi @cpoore1, what version of Wireshark and Ubuntu are you using?
I'll try to compile with your environment and let you know.
You can try deleting the file dissectors/config.h

This config file was copied from a previous Wireshark version and forces the dissector to be compiled for version 3.4.0.

cpoore1 (Author) commented Sep 7, 2022

Thanks, I think deleting config.h may have fixed my problems. Anyways, I was looking at Wireshark version 3.6.5 across Ubuntu 18.04/20.04/22.04.

cpoore1 (Author) commented Sep 7, 2022

Never mind, I think h4bcm.so still gets put in a 3.4 folder after deleting config.h. If I move it to a 3.6 folder (.local/lib/wireshark/plugins/3.6/epan/ or ./usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/) or change the location in build.sh I get Duplicate protocol name errors when starting Wireshark.

Matheus-Garbelini (Owner) commented Sep 8, 2022

Hi @cpoore1, to fix this duplicate error, you can rename "btlmp" in these lines: https://github.com/Matheus-Garbelini/esp32_bluetooth_classic_sniffer/blob/master/dissectors/packet-btbrlmp.c#L4961-L4965 to "esp32_btlmp".

Version 3.6 of Wireshark introduced an LMP dissector which shares the same name as the one in this repo.

Also, to fix the plugin installation path from 3.4 to 3.6, change this line:
https://github.com/Matheus-Garbelini/esp32_bluetooth_classic_sniffer/blob/master/dissectors/build.sh#L5
to WIRESHARK_PLUGINS_FOLDER="/home/$USER/.local/lib/wireshark/plugins/3.6/epan/"

cpoore1 (Author) commented Sep 8, 2022

I needed to replace the full name too. I ended up doing this:

```sh
cd esp32_bluetooth_classic_sniffer
rm ./dissectors/config.h
sed -i 's/Bluetooth Link Manager Protocol/ESP32 Bluetooth Link Manager Protocol/g' ./dissectors/packet-btbrlmp.c
sed -i 's/btlmp/esp32_btlmp/g' ./dissectors/packet-btbrlmp.c
sed -i 's/3.4/3.6/g' ./dissectors/build.sh
sudo ./requirements.sh
./build.sh
sudo cp dissectors/h4bcm.so /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/  # Placing it where "sudo Wireshark" dissectors are located
rm ~/.local/lib/wireshark/plugins/3.6/epan/h4bcm.so  # To avoid "plugin 'h4bcm.so' was found in multiple directories" warning
```

Thank you for the quick help.
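The rename and install-path fix from the two comments above, written as a version-aware helper script. This is an added example, not the repository's own build script: it assumes the first line of `tshark -v` has the form "TShark (Wireshark) 3.6.5 (...)" and that the protocol is registered with proto_register_protocol(name, short_name, filter_name); the sample source it patches is constructed, not the real packet-btbrlmp.c.

```sh
#!/bin/sh
# Added example, not the repository's own script. Assumed: the first line of
# `tshark -v` looks like "TShark (Wireshark) 3.6.5 (...)", and the protocol is
# registered with proto_register_protocol(name, short_name, filter_name).

# Extract "X.Y.Z" from the first line of `tshark -v` output.
wireshark_version() {
  printf '%s\n' "$1" | sed -n '1s/^TShark (Wireshark) \([0-9][0-9.]*\).*$/\1/p'
}

# Per-user epan plugin directory; Wireshark keys it on major.minor only,
# so 3.6.5 maps to ~/.local/lib/wireshark/plugins/3.6/epan/.
plugin_dir_for_version() {
  mm=$(printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p')
  [ -n "$mm" ] || return 1
  printf '%s/.local/lib/wireshark/plugins/%s/epan/\n' "$HOME" "$mm"
}

# Rename both the full protocol name and the "btlmp" short/filter name so
# neither collides with the LMP dissector built into Wireshark 3.6. Only
# quoted literals are rewritten, so identifiers such as proto_btlmp stay
# intact and a second run does not produce "esp32_esp32_btlmp".
rename_protocol() {
  f="$1"
  sed -e 's/"Bluetooth Link Manager Protocol"/"ESP32 Bluetooth Link Manager Protocol"/g' \
      -e 's/"btlmp"/"esp32_btlmp"/g' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Constructed sample with the shape of the registration call (not the real
# packet-btbrlmp.c contents).
write_sample() {
  cat > "$1" <<'EOF'
proto_btlmp = proto_register_protocol("Bluetooth Link Manager Protocol",
                                      "btlmp", "btlmp");
EOF
}

# Number of lines still carrying the unprefixed "btlmp" literal (0 when done).
unprefixed_count() {
  grep -c '"btlmp"' "$1" || true
}

# Stand-alone demo: patch a sample twice and show the result is stable.
if [ "${1:-}" = "demo" ]; then
  tmp=$(mktemp)
  write_sample "$tmp"
  rename_protocol "$tmp"; rename_protocol "$tmp"
  cat "$tmp"; rm -f "$tmp"
fi
```

Run it with `sh script.sh demo` to see the patched sample; for the real tree, call `rename_protocol dissectors/packet-btbrlmp.c` and use `plugin_dir_for_version "$(wireshark_version "$(tshark -v | head -n 1)")"` as the WIRESHARK_PLUGINS_FOLDER value in build.sh.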

Matheus-Garbelini (Owner) commented:

Thanks @cpoore1
Will update the repo with some changes later
