Wireshark-users: Re: [Wireshark-users] Plugging decoder scripts into Wireshark
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Mon, 10 May 2010 23:10:51 +0200
Hi,

Wireshark is made to be very extensible. Natively its dissectors are written in C, but Lua and, in the development version, Python support is built in as well.
This allows you to dissect the protocol data found in the captured frames.
Dissectors written in C can be added as plugins to a Wireshark installation; Lua and Python scripts are added through configuration files.

Have a look at the documentation provided through the Wireshark webpage.

Thanks,
Jaap

On 05/10/2010 10:23 PM, Mark Dawson wrote:
We have protocols that we receive from various exchanges (e.g., NASDAQ,
CME, etc.) that are encoded in different ways to transport market feeds
to financial firms.

We capture this data for analysis with tcpdump and analyze it with
Wireshark. However, to decode the actual packet data, we have decoder
tools we run against it to get the actual market data (e.g., 300
shares of IBM sold@$85.32).

Do any of you know if it's possible to plug into Wireshark a decoder
script, possibly written in Perl/Python/C, that will decode the packet
data and display in a screen? If we could do this, we can provide our
decoder scripts to people not as technically savvy so they wouldn't have
to tinker with our individual decoder scripts, but could just go through
a familiar Wireshark screen and search through the data.

Is this possible?
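
The Lua route mentioned in the reply, sketched as an added example that is not part of the original thread or of Wireshark's own code. The message layout, the protocol name `examplefeed` and UDP port 26400 are all assumptions made up for illustration; a real exchange feed would need its own field definitions.

```lua
-- Hypothetical fixed-layout trade message (constructed for this example):
--   bytes 0-1    message length, uint16 big-endian (whole message)
--   byte  2      message type, ASCII ('T' = trade)
--   bytes 3-10   symbol, ASCII, space padded
--   bytes 11-14  shares, uint32 big-endian
--   bytes 15-18  price in cents, uint32 big-endian
local feed = Proto("examplefeed", "Example Market Feed (hypothetical)")

local f_len    = ProtoField.uint16("examplefeed.length", "Length", base.DEC)
local f_type   = ProtoField.string("examplefeed.type", "Message Type")
local f_symbol = ProtoField.string("examplefeed.symbol", "Symbol")
local f_shares = ProtoField.uint32("examplefeed.shares", "Shares", base.DEC)
local f_price  = ProtoField.uint32("examplefeed.price", "Price (cents)", base.DEC)
feed.fields = { f_len, f_type, f_symbol, f_shares, f_price }

local MSG_LEN = 19  -- size of the hypothetical trade message

function feed.dissector(tvb, pinfo, tree)
    -- Captured bytes are untrusted input: check sizes before reading fields,
    -- and return 0 ("not ours") instead of raising on short or odd data.
    if tvb:len() < MSG_LEN then return 0 end
    local declared = tvb(0, 2):uint()
    if declared < MSG_LEN or declared > tvb:len() then return 0 end

    pinfo.cols.protocol = "EXFEED"
    local subtree = tree:add(feed, tvb(0, declared))
    subtree:add(f_len,    tvb(0, 2))
    subtree:add(f_type,   tvb(2, 1))
    subtree:add(f_symbol, tvb(3, 8))
    subtree:add(f_shares, tvb(11, 4))

    -- Show the price both raw and as dollars.cents in the tree
    local price   = tvb(15, 4):uint()
    local dollars = string.format("$%d.%02d", math.floor(price / 100), price % 100)
    subtree:add(f_price, tvb(15, 4)):append_text(" (" .. dollars .. ")")

    -- One-line summary for the packet list, e.g. "300 shares of IBM @ $85.32"
    local symbol = tvb(3, 8):string():gsub("%s+$", "")
    pinfo.cols.info = string.format("%d shares of %s @ %s",
                                    tvb(11, 4):uint(), symbol, dollars)
    return declared  -- number of bytes consumed
end

-- Assumed port: hand UDP payloads on 26400 to this dissector
DissectorTable.get("udp.port"):add(26400, feed)
```

The script can be loaded for a single run with `-X lua_script:<file>` on the `wireshark` or `tshark` command line, after which fields such as `examplefeed.symbol` are usable in display filters.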