Wireshark-users: Re: [Wireshark-users] any examples of how to hook up Lua dissector to user_dlt t

From: "Maynard, Christopher" <Christopher.Maynard@xxxxxxx>
Date: Wed, 1 Sep 2021 02:22:13 +0000
> From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On Behalf Of Ariel Burbaickij
> Sent: Monday, August 30, 2021 4:20 AM
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Subject: [Wireshark-users] any examples of how to hook up Lua dissector to user_dlt tree?
>
> Hello community,
> I would like to write a Lua dissector for a binary, i.e. not text, proprietary protocol on top of user_dlt.
> Are there any examples available which roughly show how this is done? Could you point me to them,
> as I have not found much of interest yet.
>
> In particular, how should the actual hooking look:
>
> local user_dlt = DissectorTable.get("user_dlt")  -- user_dlt dissector exists in Wireshark
> user_dlt:add(148, my_protocol_to_be_dissected)   -- my protocol uses user_dlt 148
> or is it something else ?
> Kind Regards
> Ariel Burbaickij

This is done just as for any other protocol, either by changing the Wireshark preferences or specifying the option on the command-line.  Assuming "Your Proprietary Protocol" = ypp and DLT=147 ...

1) Changing Wireshark preference: Edit -> Preferences... -> Protocols -> DLT_USER -> Encapsulations Table: Edit... -> [+] -> Select DLT 147, Payload Protocol=ypp, and set other relevant fields as needed -> OK -> OK.

        Refs:
                https://www.wireshark.org/docs/wsug_html_chunked/ChUserDLTsSection.html
                https://gitlab.com/wireshark/wireshark/-/wikis/HowToDissectAnything

2) Command-line option:
        Windows: Wireshark.exe -o "uat:user_dlts:\"User 1 (DLT=147)\",\"ypp\",\"0\",\"\",\"0\",\"\""
        *nix: wireshark -o 'uat:user_dlts:"User 1 (DLT=147)","ypp","0","","0",""'

        Refs:
                https://www.wireshark.org/docs/man-pages/wireshark.html
                https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html

I hope that helps?
- Chris
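A complete Lua dissector for a small binary protocol carried over DLT_USER, added here as an example and not code from Chris or the thread; the four-byte header layout, the field names and the "ypp" dissector name are assumptions. Naming the Proto "ypp" is what lets the user_dlts preference above find it by name.

```lua
-- ypp.lua: hypothetical binary protocol over DLT 147 (USER0).
-- Assumed layout: 1-byte version, 1-byte type, 2-byte big-endian
-- payload length, then the payload. "ypp" matches the Payload Protocol
-- name configured in the user_dlts preference.
local ypp = Proto("ypp", "Your Proprietary Protocol")

local MSG_TYPES = { [1] = "Hello", [2] = "Data", [3] = "Bye" }

local f_version = ProtoField.uint8 ("ypp.version", "Version", base.DEC)
local f_type    = ProtoField.uint8 ("ypp.type", "Type", base.DEC, MSG_TYPES)
local f_length  = ProtoField.uint16("ypp.length", "Payload Length", base.DEC)
local f_payload = ProtoField.bytes ("ypp.payload", "Payload")
ypp.fields = { f_version, f_type, f_length, f_payload }

local e_short = ProtoExpert.new("ypp.short", "Truncated YPP header",
                                expert.group.MALFORMED, expert.severity.ERROR)
local e_len   = ProtoExpert.new("ypp.badlen", "Payload length exceeds captured data",
                                expert.group.MALFORMED, expert.severity.WARN)
ypp.experts = { e_short, e_len }

local HDR_LEN = 4

function ypp.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = ypp.name
    local subtree = tree:add(ypp, tvb(), "Your Proprietary Protocol")

    -- Bounds-check before indexing: a truncated or malformed frame must
    -- yield an expert info, not a Lua error that aborts dissection.
    if tvb:len() < HDR_LEN then
        subtree:add_proto_expert_info(e_short)
        return 0
    end

    subtree:add(f_version, tvb(0, 1))
    subtree:add(f_type,    tvb(1, 1))
    local plen = tvb(2, 2):uint()
    subtree:add(f_length,  tvb(2, 2))

    local avail = tvb:len() - HDR_LEN
    if plen > avail then                  -- length field lies about the frame
        subtree:add_tvb_expert_info(e_len, tvb(2, 2))
        plen = avail                      -- clamp to what was actually captured
    end
    if plen > 0 then
        subtree:add(f_payload, tvb(HDR_LEN, plen))
    end
    local tname = MSG_TYPES[tvb(1, 1):uint()] or "Unknown"
    pinfo.cols.info = string.format("%s len=%d", tname, plen)
    return HDR_LEN + plen
end

-- Alternative to the user_dlts preference: bind directly to the USER0
-- encapsulation (DLT 147). Drop this line if you use the preference instead.
DissectorTable.get("wtap_encap"):add(wtap.USER0, ypp)
```

Load it from the plugins directory or with `wireshark -X lua_script:ypp.lua`; with the direct wtap_encap binding the user_dlts entry for DLT 147 is bypassed entirely.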
