I have a custom protocol that I'm looking at in wireshark. I thought it'd be useful if wireshark could disect it for me so that I don't have to decode the hex. Although I'm doing this in my program logs, wireshark captures the whole conversation with timing info so it'd be more useful there.

Can this be easily done?

It depends on your definition of "easily". It's definitely doable - Wireshark has great support for pluggable dissectors.

README.developer is apparently the "best manual" for dissector development. Take a look, and decide for yourself.

You can write dissectors using Wireshark's LUA API. That way you can write a quick-and dirty dissector without downloading Wireshark's code, or even a compiler. A very simple, yet powerful example is shown in the documentation. Such a LUA dissector is perfectly fine for debugging use, and even distribution with your project.

If you intend to commit your dissector to the official Wireshark repository, you should of course implement it in C for performance and integration reasons.

To use your dissector, create a file my_dissector.lua and invoke Wireshark like this: wireshark -X lua_script:my_dissector.lua

It depends on your definition of "easily". It's definitely doable - Wireshark has great support for pluggable dissectors.

README.developer is apparently the "best manual" for dissector development. Take a look, and decide for yourself.

Alternatively, instead of writing your own dissector, there are some projects that generate a protocol dissector from a definition or provide a DSL on top of the API:

• wssdl -- A Lua library that defines a domain-specific language built on top of Lua for the purpose of defining protocol dissectors.
• wsgd -- A generic dissector that parses a protocol definition and uses it to dissect messages.
• asn2wrs -- A tool that compiles an ASN.1 specification and some C glue to a Wireshark dissector.
• csjark -- A tool for generating Lua dissectors from C struct definitions to use with Wireshark.