Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to improve workflow for creating a Lua-based Wireshark dissector

Tags:

workflow

restart

read-eval-print-loop

wireshark

lua

I've finally created a Dissector for my UDP protocol in Lua for Wireshark, but the work flow is just horrendous. It consists of editing my custom Lua file in my editor, then double-clicking my example capture file to launch Wireshark to see the changes. If there was an error, Wireshark informs me via dialogs or a red line in the Tree analysis sub-pane. I then re-edit my custom Lua file and then close that Wireshark instance, then double-click my example capture file again. It's like compiling a C file and only seeing one compiler error at a time.

Is there a better (faster) way of looking at my changes, without having to restart Wireshark all the time?

At the time, I was using Wireshark 1.2.9 for Windows with Lua enabled.

like image 531
piyo Avatar asked Aug 31 '10 23:08

piyo

2 Answers

The best way to automate this is by using command line. Yep, use tshark instead of loading gui thingy.

If your lua script is called "proto.lua" and it defines an protocol called "MyProto" that uses port 8888, you can test your dissector using:

tshark -X lua_script:proto.lua -O MyProto -V -f "port 8888"
  • -V option makes tshark print all the info of all protocols.
  • -O option filters the -V option to make it show all the info only on the listed(CSV) protocols.
  • -f option filters all packets that doesn't conform to the rule. In this case any packet that is not from the right port.
like image 82
shomeax Avatar answered Oct 04 '22 21:10

shomeax

The latest Wireshark release comes with a primitive console for running lua script. It can be found under Tools -> Lua -> Evaluate. From there, you should be able to reload your dissector by running dofile(). You'll also have to remove the previous version of your dissector.

Here's an example for a TCP-based dissector.

local tcp_dissector_table = DissectorTable.get("tcp.port")
tcp_dissector_table:remove(pattern, yourdissector)
yourdissector = nil

dofile("c:/path/to/dissector.lua")

I recommend placing this code in a function inside your file.

Now there's a problem with this answer: If your script created a Proto object, it seems that you can't create it again with the same id. The constructor for the Proto class calls the C function proto_register_protocol() (see epan/wslua/wslua_proto.c). I can't find any lua function that will unregister the protocol. In fact, I can't even find a C function to unregister it.

like image 41
philippe Avatar answered Oct 04 '22 22:10

philippe
Sign in to Comment

Related questions

How to have facebook messenger bot in local, staging and production
prevent `git` from pushing commits with given commit message
What git workflow to use for 2 non-co-located developers?
front end development workflow with angularjs and gruntjs
PHP framework to build Workflow Management system
Update website with a single command (git push) instead of FTP drag and dropping
Where is Windows Workflow Foundation used?
Kubernetes can analytical jobs be chained together in a workflow?
How to make simple workflow from existing code?
Processing a simple workflow in Python
Powershell 3.0 - Workflows - Limit number of parallel execution
Why can't a branch name contain the 'hash' (#) char at the begining?
writing functions vs. line-by-line interpretation in an R workflow
Workflow with (non-) minified js/css files for development and production
Using an array of values to repeat a step in GitHub Actions workflow
How do you use kate? Tips/Tricks/Workflow
Git feature branches and minor code improvements
Best Practices: Storing a workflow state of an item in a database? [closed]
Workflow editing software required - recommendation [closed]
Proper Git workflow for combined OS and Private code?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!