Reputation: 723
Tshark not running via gdb to learn tcp and udp dissectors
I have successfully installed wireshark on centos 6.4 I can run the command tshark it works perfectly fine. I want to run gdb so that I want to learn how it decodes tcp and udp packet as I am writing an application where I need to dissect these two types of packets. When I run libtool --mode=execute gdb tshark it run and stop at here (gdb) it not capturing anything. The reason I want to run it via gdb is to learn how both tcp and udp have been dissect as I dont want to reinvent the wheel.
Upvotes: 0
Views: 176
Answers (1)
Reputation: 2954
I don't think it would be practical to learn tcp dissection through just gdb.
Why not directly examine the source code? It's available for download here. All dissector can be found under "epan/dissectors/".
You might specifically want to look at packet-tcp.c and packet-udp.c files, particularly the functions dissect_tcp() and dissect_udp() respectively. Also, a quick read through this tutorial for creating dissectors might help you understand the coding conventions of this project quickly.
Upvotes: 1
Related Questions
- Compiling Wireshark packet dissector
- How to dissect UDP msgpack using Wireshark/tshark?
- Debugging wireshark dissector
- The fatal error after running the tshark.c source file on the second time
- Wireshark Dissector :- Running autogen.sh and configure again
- Wireshark dissector configuration argument
- Run lua dissector and tap in tshark at the same time
- wireshark - tcp_dissect_pdus() sometimes doesn't work
- building tshark
- Wireshark tcap dissector inside my program