Wireshark Dissector for DiaStar™ Woomera

From ProjectDiaStar

Wireshark and Woomera

An invaluable tool for working with any packet-based IP protocol is [Wireshark], "the world's foremost network protocol analyzer".

Wireshark, however, does not yet (October, 2009) have a Woomera dissector (protocol analysis module) distributed with it. Until this is the case, it is necessary to manually add a Woomera dissector, which can be downloaded [here], to Wireshark.

Since the Woomera dissector is not yet part of the full Wireshark package, Wireshark must be built from source code and the Woomera dissector added to the build. Thus, the Wireshark source code download is needed.

CentOS Updates Needed for the Wireshark Build

Since the DiaStar server distributed via the ISO download is intended to be a simple appliance rather than a development platform, these update instructions assume that you have a CentOS 5.2 system similar to that described [here]. Since Wireshark is GUI-based, X/Gnome must be installed and used.

Several additional changes may be needed to build Wireshark:

  • GTK+ 2.4 or greater - Gnome Software Development Package selected from CentOS Package Manager (Add/Remove Software)
  • Libpcap Development Package - libpcap-devel-14:0.9.4-15.el5.i386 - individual package selected from CentOS Package Manager (Add/Remove Software)
  • Autoconf 2.60 or greater - a yum update of the installed version 2.59 is not possible. Download the Autoconf source from GNU and build and install with:
> ./configure
> make install

Compiling the Woomera Dissector Into Wireshark

The instructions that follow were adapted from the Wireshark doc/README.developer and are current as of Wireshark version 1.2.2. Note that this dissector has only been tested under Linux, but there is no reason that it would not work with a Windows-based Wireshark.

These steps must be done before building Wireshark.

  • Copy the file 'packet-woo.c' into the 'epan/dissectors' directory.
  • Delete the file 'register.c' in 'epan/dissectors'.
  • Add the name 'packet-woo.c' to the 'DISSECTOR_SRC' macro in the 'Makefile.common' file in 'epan/dissectors':
DISSECTOR_SRC =   \
 ...
 packet-wol.c     \
 packet-woo.c     \
 packet-wps.c     \
 ...

The following commands should now be issued to create the makefiles and build Wireshark:

> ./autogen.sh
> ./configure
> make
> make install

Do not skip the autogen.sh step. This adds the Woomera dissector to the makefile in the dissector directory and allows it to be compiled into Wireshark.
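As an added example (not code from the ProjectDiaStar page or the Wireshark project), the following POSIX sh function applies the three pre-build steps above to a Wireshark 1.2.x source tree and fails, rather than silently building a Wireshark without the dissector, if the DISSECTOR_SRC entry did not land. The function names, the tiny Makefile.common stand-in and the placeholder packet-woo.c are constructed for this demonstration.

```shell
# Added example: automates the three pre-build steps (copy packet-woo.c, delete
# register.c, extend DISSECTOR_SRC) and verifies each one. $1 is the Wireshark
# source root, $2 the path to packet-woo.c. Runs under plain /bin/sh.
add_woo_dissector() {
    src_root="$1"; woo_c="$2"
    dis_dir="$src_root/epan/dissectors"
    mk="$dis_dir/Makefile.common"
    [ -f "$woo_c" ] || { echo "missing $woo_c" >&2; return 1; }
    [ -f "$mk" ]    || { echo "missing $mk" >&2; return 1; }

    # Step 1: copy the dissector source into epan/dissectors.
    cp "$woo_c" "$dis_dir/packet-woo.c" || return 1

    # Step 2: delete the generated register.c so the build regenerates it.
    rm -f "$dis_dir/register.c"

    # Step 3: add packet-woo.c to DISSECTOR_SRC directly after packet-wol.c,
    # keeping the list alphabetical. Skipped when already present (idempotent).
    if ! grep -q '^[[:space:]]*packet-woo\.c[[:space:]]*\\$' "$mk"; then
        awk '/^[[:space:]]*packet-wol\.c[[:space:]]*\\$/ {
                 print; sub(/packet-wol\.c/, "packet-woo.c")  # keep alignment
             }
             { print }' "$mk" > "$mk.tmp" && mv "$mk.tmp" "$mk" || return 1
    fi
    # Fail if the entry is still absent (e.g. this tree has no packet-wol.c
    # anchor line), so the problem is caught before ./autogen.sh runs.
    grep -q '^[[:space:]]*packet-woo\.c[[:space:]]*\\$' "$mk"
}

# Constructed stand-in for a Wireshark tree (not a real checkout); echoes root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/epan/dissectors"
    printf 'DISSECTOR_SRC =   \\\n\tpacket-wol.c     \\\n\tpacket-wps.c     \\\n\tpacket-x11.c\n' \
        > "$root/epan/dissectors/Makefile.common"
    : > "$root/epan/dissectors/register.c"   # generated file the page says to delete
    echo '/* constructed placeholder for packet-woo.c */' > "$root/packet-woo.c"
    echo "$root"
}

# Demo run on the constructed tree; prints the wol/woo lines of DISSECTOR_SRC.
root=$(make_sample_tree) && add_woo_dissector "$root" "$root/packet-woo.c" \
    && grep -n 'packet-wo' "$root/epan/dissectors/Makefile.common"
```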

Using Wireshark with Woomera

Examining Woomera packets is no different than looking at any other protocol. An excellent set of documentation for Wireshark can be found [here].

Several points to keep in mind:

  • Woomera is TCP/IP based, so make sure you are not filtering by UDP only
  • Filters and expressions can be activated and built for Woomera. Use the short name "woo" for these purposes
  • Clicking the right arrows allows you to disassemble a selected Woomera packet