Wireshark-dev: Re: [Wireshark-dev] How to use Wireshark dissectors and header fields? (looking

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sat, 9 Sep 2017 11:38:11 +0200
Hi,

Take it in small steps Padawan, gaining experience takes time.
Q1: See the reply from Pascal earlier.
Q2: C and Lua are fundamentally different programming languages.
	- C is used for the main program and all built-in dissectors. These are the most capable.
	- Lua is used as an extension language. It allows adding (simpler) dissectors to Wireshark without the need to recompile it.
Q3: As README.dissector can tell you in more detail, header fields are constructs to define how raw data is to be presented by a dissector.
You use functions to extract data from a certain place in the received packet and use the header field to define the presentation.
The header field may even define a subset of the retrieved data, and interpretations of this data.
Q4: Read the Wireshark Developers Guide (that’s not README.dissector!) one chapter at a time.
Q5: The Wireshark source code repository is full of C dissectors. There is no central repository for Lua dissectors, but a search on GitHub should yield some.
Q6: Header fields are constructs used in dissectors to define data representation. There is no choosing between them.
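As an added illustration of the answers to Q2 and Q3 above (this is example code written for this page, not from the thread or from the Wireshark project), here is a minimal Lua dissector showing how header fields (ProtoField) define presentation while Tvb/TvbRange functions do the extraction. The protocol name "toyproto", its 4-byte layout (version/flags byte, type byte, 16-bit payload length, payload), the UDP port 9999 and the filter names are all assumptions made up for the example.

```lua
-- Added example for this page, not code from the original thread or from
-- Wireshark itself. "toyproto", its layout and UDP port 9999 are assumptions.
local toyproto = Proto("toyproto", "Toy Protocol (example)")

-- Header fields describe how bytes are *presented*: display name, filter
-- name, base, an optional value-to-string table (interpretation) and an
-- optional bit mask (a subset of the retrieved data).
local f_version = ProtoField.uint8("toyproto.version", "Version", base.DEC, nil, 0xF0)
local f_flags   = ProtoField.uint8("toyproto.flags", "Flags", base.HEX, nil, 0x0F)
local f_type    = ProtoField.uint8("toyproto.type", "Message Type", base.DEC,
                    { [1] = "Hello", [2] = "Data", [3] = "Bye" })
local f_length  = ProtoField.uint16("toyproto.length", "Payload Length", base.DEC)
local f_payload = ProtoField.bytes("toyproto.payload", "Payload")
toyproto.fields = { f_version, f_flags, f_type, f_length, f_payload }

-- Expert info to flag a length field that does not match the buffer.
local ef_badlen = ProtoExpert.new("toyproto.badlen.expert",
                    "Declared length exceeds captured payload",
                    expert.group.MALFORMED, expert.severity.ERROR)
toyproto.experts = { ef_badlen }

function toyproto.dissector(tvb, pinfo, tree)
  -- Refuse buffers shorter than the 4-byte header rather than reading
  -- past the end of the packet.
  if tvb:len() < 4 then return 0 end

  pinfo.cols.protocol = toyproto.name
  local subtree = tree:add(toyproto, tvb(), "Toy Protocol")

  -- The same byte is added under two header fields; the masks in the
  -- field definitions pick out which bits each field shows.
  subtree:add(f_version, tvb(0, 1))
  subtree:add(f_flags, tvb(0, 1))

  -- Extract a value for the dissector's own logic, and add the header
  -- field so the tree presents the interpreted (valuestring) form.
  local msg_type = tvb(1, 1):uint()
  subtree:add(f_type, tvb(1, 1))

  local plen = tvb(2, 2):uint()
  local len_item = subtree:add(f_length, tvb(2, 2))

  -- Never trust a length field from the wire; clamp it to what is there.
  local available = tvb:len() - 4
  if plen > available then
    len_item:add_proto_expert_info(ef_badlen)
    plen = available
  end
  if plen > 0 then
    subtree:add(f_payload, tvb(4, plen))
  end

  pinfo.cols.info = string.format("Type %d, %d payload bytes", msg_type, plen)
  return 4 + plen
end

-- Hook the dissector into the UDP port table (port assumed for the example).
DissectorTable.get("udp.port"):add(9999, toyproto)
```

Drop the file into the personal plugins directory (or load it with `-X lua_script:`), send a UDP datagram to port 9999, and the packet details pane shows the fields; `toyproto.type == 2` then works as a display filter, which is the practical payoff of registering header fields instead of adding plain text items.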