How do you test a Wireshark dissector?

To test a Wireshark dissector, I found this useful:

  • Define a set of packets that the dissector should analyse including malformed packets
  • Implement the packets as a hex dump
  • Define the expected output
  • For each packet dump
    • Generate pcap files with text2pcap
    • Run the dissector with tshark
    • Extract the payload from the PDML output of tshark
    • Compare the XML output with the expected XML output

This can be improved by filtering the XML output, since the PDML also includes the packet bytes, which can be annoying if the payload is large and/or complex.

The suggested arguments to the Wireshark executables are:

text2pcap -T 1024,9876 foo.txt foo.pcap
tshark -T pdml -r "foo.pcap"

To extract the dissector output it's useful to use an XPath expression with the .NET CLR class XmlNode. This can be done e.g. like this:

// The dissector's own node for the packet, relative to the <pdml> root of the tshark output
XmlNode output = tsharkOutput.SelectSingleNode("packet/proto[@name='foo']");
// The hand-written reference node(s) to compare against
XmlNodeList refList = referenceDocument.SelectNodes("proto[@name='foo']");

You can use something like Scapy or PacketSender to generate test packets.
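The text2pcap / tshark / PDML loop from the first answer, as an added example that is not part of any answer on this page. It is Python with the standard library's xml.etree rather than the .NET XmlNode code shown there, and it assumes text2pcap and tshark are on PATH, that the dissector under test registers the PDML proto name "foo" on UDP port 9876 (the ports from the text2pcap command above), and that the PDML sample embedded below is a constructed stand-in for real tshark output; the field names foo.version, foo.length and foo.payload are assumptions.

```python
"""Added example (not from the answer): regression harness around text2pcap/tshark.

Assumptions: text2pcap and tshark on PATH; a hypothetical dissector "foo" on
UDP 9876 with fields foo.version/foo.length/foo.payload; SAMPLE_PDML below is
constructed, not real tshark output.
"""
import subprocess
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def to_hexdump(payload: bytes, width: int = 16) -> str:
    """Render bytes as the 'offset bytes...' lines text2pcap reads (od -Ax -tx1 style)."""
    lines = []
    for off in range(0, len(payload), width):
        chunk = payload[off:off + width]
        lines.append(f"{off:06x} " + " ".join(f"{b:02x}" for b in chunk))
    lines.append(f"{len(payload):06x}")  # closing offset line marks the packet end
    return "\n".join(lines) + "\n"


def parse_pdml(text: str) -> ET.Element:
    """Parse PDML (or a hand-written reference fragment) into an element tree."""
    return ET.fromstring(text)


def dissect_with_tshark(payload: bytes, src_port: int = 1024, dst_port: int = 9876) -> ET.Element:
    """Wrap the payload in dummy Ethernet/IP/UDP headers (text2pcap -T) and return the PDML root."""
    with tempfile.TemporaryDirectory() as tmp:
        txt, pcap = Path(tmp, "foo.txt"), Path(tmp, "foo.pcap")
        txt.write_text(to_hexdump(payload))
        subprocess.run(["text2pcap", "-T", f"{src_port},{dst_port}", str(txt), str(pcap)],
                       check=True, capture_output=True)
        done = subprocess.run(["tshark", "-T", "pdml", "-r", str(pcap)],
                              check=True, capture_output=True, text=True)
    return parse_pdml(done.stdout)


def extract_proto(pdml: ET.Element, proto_name: str, packet_index: int = 0):
    """The dissector's own <proto> node for one packet, or None if tshark did not produce it."""
    packets = pdml.findall("packet")
    if packet_index >= len(packets):
        return None
    return packets[packet_index].find(f"proto[@name='{proto_name}']")


def field_summary(proto: ET.Element) -> list[tuple[str, str]]:
    """Flatten a proto subtree to (field name, decoded value) pairs in dissection order.
    pos/size/value (byte offsets, raw bytes) are dropped: they restate the input, not the
    dissector's decisions, and would bloat the reference files."""
    return [(f.get("name", ""), f.get("show", f.get("showname", ""))) for f in proto.iter("field")]


def check_dissection(actual: ET.Element, expected: ET.Element) -> list[str]:
    """Mismatches between tshark's proto node and the reference node; [] means the case passes."""
    got, want = field_summary(actual), field_summary(expected)
    problems = [f"field {i} ({w[0]}): expected {w[1]!r}, got {g[1]!r}"
                for i, (g, w) in enumerate(zip(got, want)) if g != w]
    if len(got) != len(want):
        problems.append(f"field count: expected {len(want)}, got {len(got)}")
    return problems


def expert_errors(proto: ET.Element) -> list[str]:
    """Expert-info items under the proto (tshark emits them as '_ws.expert' fields).
    A malformed-input case should assert these are present; a clean case that they are absent."""
    return [f.get("showname", "") for f in proto.iter("field") if f.get("name") == "_ws.expert"]


# Constructed stand-in for `tshark -T pdml` over two packets: one the hypothetical
# dissector decodes cleanly and one truncated packet it flags. Lower layers abbreviated.
SAMPLE_PDML = """<pdml version="0" creator="wireshark/4.0.0">
<packet>
  <proto name="geninfo" pos="0" showname="General information" size="49">
    <field name="num" pos="0" show="1" showname="Number" value="1" size="49"/>
  </proto>
  <proto name="frame" pos="0" showname="Frame 1: 49 bytes on wire" size="49"/>
  <proto name="udp" pos="34" showname="User Datagram Protocol, Src Port: 1024, Dst Port: 9876" size="8"/>
  <proto name="foo" pos="42" showname="Foo Protocol" size="7">
    <field name="foo.version" showname="Version: 1" size="1" pos="42" show="1" value="01"/>
    <field name="foo.length" showname="Payload Length: 4" size="2" pos="43" show="4" value="0004"/>
    <field name="foo.payload" showname="Payload: abcd" size="4" pos="45" show="abcd" value="61626364"/>
  </proto>
</packet>
<packet>
  <proto name="geninfo" pos="0" showname="General information" size="45">
    <field name="num" pos="0" show="2" showname="Number" value="2" size="45"/>
  </proto>
  <proto name="frame" pos="0" showname="Frame 2: 45 bytes on wire" size="45"/>
  <proto name="udp" pos="34" showname="User Datagram Protocol, Src Port: 1024, Dst Port: 9876" size="8"/>
  <proto name="foo" pos="42" showname="Foo Protocol" size="3">
    <field name="foo.version" showname="Version: 1" size="1" pos="42" show="1" value="01"/>
    <field name="foo.length" showname="Payload Length: 4" size="2" pos="43" show="4" value="0004"/>
    <field name="_ws.expert" showname="Expert Info (Error/Malformed): Payload truncated" size="0" pos="45"/>
  </proto>
</packet>
</pdml>
"""

# Hand-written reference for the clean packet: only what the dissector decided.
EXPECTED_FOO_OK = """<proto name="foo" showname="Foo Protocol">
  <field name="foo.version" show="1"/>
  <field name="foo.length" show="4"/>
  <field name="foo.payload" show="abcd"/>
</proto>"""
```

Against a real build, replace `parse_pdml(SAMPLE_PDML)` with `dissect_with_tshark(payload)` for each hex dump in the test set and run `check_dissection` on the extracted "foo" node; for the malformed cases, assert that `expert_errors` is non-empty rather than expecting a fully decoded field list. Keeping the reference files down to name/show pairs is what makes the "filter the XML output" suggestion practical: byte offsets and raw bytes change whenever a test packet is edited, while the decoded values are the contract under test.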