Wireshark-dev: Re: [Wireshark-dev] LUA Dissector for custom packets
From: Christian Gurk <[email protected]>
Date: Fri, 21 Aug 2009 09:24:21 +0200
Reinhard Speyerer schrieb:
Christian Gurk wrote:

So I wrote the test dissector and it showes up in the Enable Protocols List (and of course, I activate it). But when I try to use it with "Decode as", this menu item is grayed out, so I can't use it.
Here is the code of my first test:
-- trivial protocol example
-- declare our protocol

mpic_proto = Proto("mpic485","MPIC 485 bus protocol")
-- local packet_table = DissectorTable.get("packet")
-- packet_table:add(packet.USER15,mpic_proto)
Hi Christian,

the following Lua code

local wtap_encap_table = DissectorTable.get("wtap_encap")
wtap_encap_table:add(wtap.USER15, mpic_proto)

combined with text2pcap -l 162 is probably the easiest way
to use your Lua dissector for your text file packet data.


Thanks Reinhard for your answer, but I tried the same already with the K12-type text input, which worked fine in principle. My problem is, that I would like to use an own link-layer type protocol. But I played around al little bit and it seems, that I HAVE to enable the "ethernet" Protocol do do anything with the data. Is that true? Is it somehow possible to register an own link-layer protocol as a first dissector? I would like to have sometthing like:
link-layer:		pass data to i-layer
internet-layer:		1-4 byte dest and src adresses
transport-layer:	port byte
application-layer:	time,ftp,string,system... (all proprietary)

Hmm, difficult to describe.
Thanks and greetings

Christian Gurk
Electronics Working Group / Research & Development
Max-Planck-Insitute for Chemistry, Mainz, Germany
+49-6131-305387 / [email protected]