To build Wireshark refer to these resources:
- Windows: https://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html
- Linux: https://gist.github.com/syneart/2d30c075c140624b1e150c8ea318a978
There are 2 options for integrating an X-Plane dissector into Wireshark:
-
As a plugin (quickest recompile during development)
- Copy
packet-xplane.c
andCMakeLists.txt
intowireshark\private_plugins\xplane
- Copy
wireshark\CMakeListsCustom.txt.example
towireshark\CMakeListsCustom.txt
- Edit
wireshark\CMakeListsCustom.txt
and changeprivate_plugins/foo
toprivate_plugins/xplane
and uncomment the line - Rerun from the cmake step.
- Copy
-
Within the main libwireshark.dll dissector library
- Copy
packet-xplane.c
intowireshark\epan\dissectors
- Copy
wireshark\epan\dissectors\CMakeListsCustom.txt.example
towireshark\epan\dissectors\CMakeListsCustom.txt
- Edit
wireshark\epan\dissectors\CMakeListsCustom.txt
and changepacket-foo.c
topacket-xplane.c
and uncomment the line. - Rerun from the cmake step.
- Copy
For more information on writing wireshark dissectors refer to the wireshark\doc\README.subject files.
Download the release that is appropriate for your version of Wireshark.
To find your version goto Menu->Help->About Wireshark->Wireshark and check the topmost line. Only the first 2 numbers (Major and Minor) are important. e.g. 3.4.
Copy the plugin into one of the following folders:
- Wireshark's Personal_Plugins_Folder\epan\
- Wireshark's Global_Plugins_Folder\epan\
- Your wireshark\plugins\ version \epan\ folder.
I recommend the Personal_Plugins_Folder as this is not cleared by wireshark updates.
The folders can be found via Menu -> Help -> About Wireshark -> Folders -> Personal Plugins
Restart Wireshark if already running.
You can check Wireshark has loaded the plugin via Menu->Help->About Wireshark->Plugins Tab. The name will be xplane with a type of dissector.
Developed and tested on Windows 10+11 and Microsoft Visual Studio 2019/2022
Linux testing on Ubuntu 20.04.1 and WSL2 (Ubuntu and Debian)
The proto declaration is "xplane" and the protofields have been added using the format xplane.$header$.$element$".
So to view only BECN packets the display filter will be "xplane.becn"
Conversely to see all packet except BECN (as there are so many) filter on "xplane && !xplane.becn"
To only see those DATA packets with an index of 0 (Frame Rate Info) filter on "xplane.data.index == 0"