wireshark支持s7comm-plus协议解析

本文将使用稳定版wireshark4.2.12源码编译支持西门子s7comm-plus协议解析。

1. 下载wireshark源代码

$git clone https://github.com/wireshark/wireshark.git

$git checkout wireshark-4.2.12

或者直接官网下载

$wget -c https://2.na.dl.wireshark.org/src/wireshark-4.2.12.tar.xz

$tar -Jxvf  wireshark-4.2.12.tar.xz

2. 下载s7comm-plus插件源码并拷贝到wireshark源码目录epan/dissectors/下 

wget -c https://sourceforge.net/code-snapshots/svn/s/s7/s7commwireshark/code/s7commwireshark-code-r514-trunk-src-s7comm_plus.zip

unzip s7commwireshark-code-r514-trunk-src-s7comm_plus.zip

cp -rp ./s7commwireshark-code-r514-trunk-src-s7comm_plus/packet-s7comm-plus.* ./wireshark-4.2.12/epan/dissectors/

3. 修改epan/dissectors/CMakeLists.txt支持s7comm-plus协议

        packet-s7comm.h
        packet-s7comm_szl_ids.h
        packet-s7comm_plus.h

        ${CMAKE_CURRENT_SOURCE_DIR}/packet-s7comm.c
        ${CMAKE_CURRENT_SOURCE_DIR}/packet-s7comm_szl_ids.c
        ${CMAKE_CURRENT_SOURCE_DIR}/packet-s7comm_plus.c

4.编译安装

mkdir build
cd build
cmake ..
make -j`nproc`

出现下列问题：

libwireshark.so.17.0.12: undefined reference to `tvb_get_uint8' collect2: error: ld returned 1 exit status

将packet-s7comm-plus.c文件中的tvb_get_uint8全部修改为"tvb_get_guint8"

重新执行编译安装即可

参考资料：

https://sourceforge.net/p/s7commwireshark/code/HEAD/tree/trunk/doc/