Menu
I have a custom protocol that I'm looking at in wireshark. I thought it'd be useful if wireshark could disect it for me so that I don't have to decode the hex. Although I'm doing this in my program logs, wireshark captures the whole conversation with timing info so it'd be more useful there.
Can this be easily done?
852
To enable or disable protocols select Analyze → Enabled Protocols… . Wireshark will pop up the “Enabled Protocols” dialog box as shown in Figure 11.4, “The “Enabled Protocols” dialog box”. To disable or enable a protocol, simply click the checkbox using the mouse.
Setup. If you go to Help –> About Wireshark –> Folders, you'll find all the folders Wireshark reads Lua scripts from. Choose either the Personal Lua Plugins, Global Lua Plugins or Personal configuration folder.
You can write dissectors using Wireshark's LUA API. That way you can write a quick-and dirty dissector without downloading Wireshark's code, or even a compiler. A very simple, yet powerful example is shown in the documentation. Such a LUA dissector is perfectly fine for debugging use, and even distribution with your project.
If you intend to commit your dissector to the official Wireshark repository, you should of course implement it in C for performance and integration reasons.
To use your dissector, create a file my_dissector.lua and invoke Wireshark like this: wireshark -X lua_script:my_dissector.lua
57
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
