一直使用protobuf作为网络开发的私有协议消息通信。但是抓包分析是个问题。幸好目前已经有了支持wireshark的protobuf插件。该插件是基于linux的代码编写的。
1. 首先要先搭建好wireshark编译环境,可以参考官方的wireshark编译环境配置,安装上面的配置基本上是无问题。
本人出现在 nmake -f Makefile.name setup 时出现了解压压缩包失败的问题,打开 tools/win-setup.sh文件,注释掉unzip的相关命令即可,后续编译过程中,根据错误提示,自己手动解压。
2. 下载protobuf-wireshark代码,到google下载,下载protobuf-wireshark-runtime-0.1.tar.gz文件
3. 解压protobuf-wireshark-runtime-0.1.tar.gz文件后,修改 wireshark.conf配置文件。设置wireshark的源代码和安装目录,本人配置如下
wireshark_src_dir : /cygdrive/h/wireshark-1.8.6
wireshark_install_dir : /cygdrive/c/Program Files/Wireshark
wireshark_version : 1.8.6
4. 启动cygwin终端,并切换到protobuf-wireshark-runtion-0.1的目录下面,本人地址为;/cygdrive/h/a/protobuf-wireshark-runtime-0.1
5. 执行$ ./make_wireshark_plugin.py wireshark.conf
注意:编译是通不过的,因为该工程是针对linux的,而我们要的是windows的版本。
执行后,在wireshark\plusins目录下会创建protobuf目录,并且生成了moduleinfo.h、Makefile.am、packet-protobuf.c、wireshark-glue-protobuf.o四个文件
同时在protobuf-wireshark-runtime-0.1源代码目录下也会生成2个c++文件wireshark-glue-protobuf.h和wireshark-glue-protobuf.cc,把这2个文件拷贝到plugins\protobuf目录下面。
6. 切换到plugins\protobuf目录,并从其他插件目录拷贝 Makefile.common、moduleinfo.nmake、Makefile.nmake、plugin.rc.in 4个文件,并对这写文件做修改。
wireshark的所有源代码都是基于c语言的,但是protobuf插件多了c++文件。
7.一下是本人修改后的文件。
1) moduleinfo.nmake文件内容
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
# # $Id: moduleinfo.nmake 20157 2006-12-19 22:23:22Z jake $ # # The name PACKAGE=protobuf # The version MODULE_VERSION_MAJOR=0 MODULE_VERSION_MINOR=1 MODULE_VERSION_MICRO=0 MODULE_VERSION_EXTRA=0 # # The RC_VERSION should be comma-separated, not dot-separated, # as per Graham Bloice's message in # # http://www.ethereal.com/lists/ethereal-dev/200303/msg00283.html # # "The RC_VERSION variable in config.nmake should be comma separated. # This allows the resources to be built correctly and the version # number to be correctly displayed in the explorer properties dialog # for the executables, and XP's tooltip, rather than 0.0.0.0." # MODULE_VERSION=$(MODULE_VERSION_MAJOR).$(MODULE_VERSION_MINOR).$(MODULE_VERSION_MICRO).$(MODULE_VERSION_EXTRA) RC_MODULE_VERSION=$(MODULE_VERSION_MAJOR),$(MODULE_VERSION_MINOR),$(MODULE_VERSION_MICRO),$(MODULE_VERSION_EXTRA) |
Makefile.nmake文件内容
注意:这里需要设置protobuf的头文件和lib库,如果没有protobuf工程,请先编译protobuf工程。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 |
# Makefile.nmake # nmake file for Wireshark plugin # # $Id: Makefile.nmake 42971 2012-06-01 14:08:12Z wmeier $ # PROTOBUF_DIR=F:\OpenSource\protobuf-2.4.1\src PROTOBUF_LIB=F:\OpenSource\protobuf-2.4.1\vsprojects\Release\libprotobuf.lib include ..\..\config.nmake include moduleinfo.nmake PLUGIN_NAME=protobuf DISSECTOR_SRC=packet-protobuf.c DISSECTOR_SRCC=wireshark-glue-protobuf.cc DISSECTOR_SUPPORT_SRC= DISSECTOR_INCLUDES=wireshark-glue-protobuf.h moduleinfo.h CFLAGS=$(WARNINGS_ARE_ERRORS) $(STANDARD_CFLAGS) \ /I../.. $(GLIB_CFLAGS) \ /I$(PROTOBUF_DIR) .c.obj:: $(CC) $(CFLAGS) -Fd.\ -c $< .cc.obj:: $(CC) $(CFLAGS) -Fd.\ -c $< LDFLAGS = $(PLUGIN_LDFLAGS) !IFDEF ENABLE_LIBWIRESHARK LINK_PLUGIN_WITH=..\..\epan\libwireshark.lib ..\..\wsutil\libwsutil.lib $(PROTOBUF_LIB) CFLAGS=/D_NEED_VAR_IMPORT_ $(CFLAGS) DISSECTOR_OBJECTS = $(DISSECTOR_SRC:.c=.obj) DISSECTOR_OBJECTSS = $(DISSECTOR_SRCC:.cc=.obj) DISSECTOR_SUPPORT_OBJECTS = $(DISSECTOR_SUPPORT_SRC:.c=.obj) OBJECTS = $(DISSECTOR_OBJECTS) $(DISSECTOR_SUPPORT_OBJECTS) $(DISSECTOR_OBJECTSS) RESOURCE=$(PLUGIN_NAME).res all: $(PLUGIN_NAME).dll $(PLUGIN_NAME).rc : moduleinfo.nmake sed -e s/@PLUGIN_NAME@/$(PLUGIN_NAME)/ \ -e s/@RC_MODULE_VERSION@/$(RC_MODULE_VERSION)/ \ -e s/@RC_VERSION@/$(RC_VERSION)/ \ -e s/@MODULE_VERSION@/$(MODULE_VERSION)/ \ -e s/@PACKAGE@/$(PACKAGE)/ \ -e s/@VERSION@/$(VERSION)/ \ -e s/@MSVC_VARIANT@/$(MSVC_VARIANT)/ \ < plugin.rc.in > $@ $(PLUGIN_NAME).dll $(PLUGIN_NAME).exp $(PLUGIN_NAME).lib : $(OBJECTS) $(LINK_PLUGIN_WITH) $(RESOURCE) link -dll /out:$(PLUGIN_NAME).dll $(LDFLAGS) $(OBJECTS) $(LINK_PLUGIN_WITH) \ $(GLIB_LIBS) $(RESOURCE) # # Build plugin.c, which contains the plugin version[] string, a # function plugin_register() that calls the register routines for all # protocols, and a function plugin_reg_handoff() that calls the handoff # registration routines for all protocols. # # We do this by scanning sources. If that turns out to be too slow, # maybe we could just require every .o file to have an register routine # of a given name (packet-aarp.o -> proto_register_aarp, etc.). # # Formatting conventions: The name of the proto_register_* routines an # proto_reg_handoff_* routines must start in column zero, or must be # preceded only by "void " starting in column zero, and must not be # inside #if. # # DISSECTOR_SRC is assumed to have all the files that need to be scanned. # # For some unknown reason, having a big "for" loop in the Makefile # to scan all the files doesn't work with some "make"s; they seem to # pass only the first few names in the list to the shell, for some # reason. # # Therefore, we have a script to generate the plugin.c file. # The shell script runs slowly, as multiple greps and seds are run # for each input file; this is especially slow on Windows. Therefore, # if Python is present (as indicated by PYTHON being defined), we run # a faster Python script to do that work instead. # # The first argument is the directory in which the source files live. # The second argument is "plugin", to indicate that we should build # a plugin.c file for a plugin. # All subsequent arguments are the files to scan. # !ENDIF clean: rm -f $(OBJECTS) $(RESOURCE) *.pdb *.sbr \ $(PLUGIN_NAME).dll $(PLUGIN_NAME).dll.manifest $(PLUGIN_NAME).lib \ $(PLUGIN_NAME).exp $(PLUGIN_NAME).rc distclean: clean maintainer-clean: distclean checkapi: # TODO: Fix api's :) # $(PERL) ../../tools/checkAPIs.pl -g abort -g termoutput -build $(DISSECTOR_SRC) $(DISSECTOR_INCLUDES) |
Makefile.common文件的内容被我移到了Makefile.nmake,不知道为何独立放置在Makefile.common的时候编译通不过。
plugin.rc.in文件内容无需修改。
8。修改plugins目录下的Makefile.nmake,增加protobuf工程的编译。
9.重新编译wireshark。
提示:需要下载dirent-1.13.zip,解压后把dirent.h放到VC\Include目录下面,这是一个模拟linux dir相关接口的源代码。
10.把 plugins\protobuf\protobuf.dll 拷贝到wireshark安装目录下plugins\版本号\ 目录下。
11. 在wireshark 安装目录下创建protobuf目录,用于放置protobuf的配置文件和消息定义文件。
12.启动你的wireshark,可以开始抓包分析google protobuf消息了。。
一波三折在所难免,祝你好运!!!
转自http://blog.csdn.net/love_newzai/article/details/8819385
附:可能要用到的文件
dirent-1.13,protobuf-wireshark-0.5.tar,protobuf-wireshark-runtime-0.1.tar
发表评论
要发表评论,您必须先登录。