
Wireshark-users: Re: [Wireshark-users] any examples of how to hook up Lua dissector to user_dlt t

From: Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx>
Date: Wed, 1 Sep 2021 07:37:54 +0200
Hello Christopher, all,
as I wrote "... to write Lua dissector...", so instructions on what to do and how to do it on the command line do not apply in this case. Meanwhile, I figured out by myself how this is supposed to work:

local udlt = DissectorTable.get("wtap_encap")
udlt:add(wtap.USER1, ypp)

Why not stick to one naming convention of user_dlt, I do not know, but the lines above are the way to start the dissector in this case.

Kind Regards
Ariel Burbaickij
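For readers who want to see the registration Ariel describes inside a complete script, here is an added example (not code from the thread or from the Wireshark project): a minimal Lua dissector for a constructed binary protocol named "ypp", hooked to user DLT 148 through the "wtap_encap" table with wtap.USER1. The wire format (version, type, payload length, sequence, payload) and the protocol fields are assumptions made up for this example.

```lua
-- Added example, not from the thread. Constructed big-endian wire format:
--   version (1) | msg_type (1) | length (2, payload bytes) | seq (4) | payload
local ypp = Proto("ypp", "Your Proprietary Protocol")

local msg_types = { [1] = "Hello", [2] = "Data", [3] = "Ack" }  -- constructed

local f = ypp.fields
f.version  = ProtoField.uint8("ypp.version", "Version", base.DEC)
f.msg_type = ProtoField.uint8("ypp.type", "Message Type", base.DEC, msg_types)
f.length   = ProtoField.uint16("ypp.length", "Payload Length", base.DEC)
f.seq      = ProtoField.uint32("ypp.seq", "Sequence", base.DEC)
f.payload  = ProtoField.bytes("ypp.payload", "Payload")

-- Expert info so a length field that disagrees with the captured frame
-- shows up in Expert Information instead of being silently ignored.
local ef_bad_len = ProtoExpert.new("ypp.bad_length", "Length field exceeds captured data",
                                   expert.group.MALFORMED, expert.severity.ERROR)
ypp.experts = { ef_bad_len }

local HDR_LEN = 8

function ypp.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = ypp.name
    local subtree = tree:add(ypp, tvb(), "Your Proprietary Protocol")
    if tvb:len() < HDR_LEN then
        subtree:add_proto_expert_info(ef_bad_len, "Frame shorter than the 8-byte header")
        return 0
    end
    subtree:add(f.version,  tvb(0, 1))
    subtree:add(f.msg_type, tvb(1, 1))
    local len_item = subtree:add(f.length, tvb(2, 2))
    subtree:add(f.seq,      tvb(4, 4))
    local plen  = tvb(2, 2):uint()
    local tname = msg_types[tvb(1, 1):uint()] or "Unknown"
    pinfo.cols.info = string.format("%s seq=%u len=%u", tname, tvb(4, 4):uint(), plen)
    -- Never trust the length field: clamp it to what the frame actually holds.
    if plen > tvb:len() - HDR_LEN then
        len_item:add_proto_expert_info(ef_bad_len)
        plen = tvb:len() - HDR_LEN
    end
    if plen > 0 then
        subtree:add(f.payload, tvb(HDR_LEN, plen))
    end
    return HDR_LEN + plen
end

-- Hook the dissector to user DLT 148 (wtap.USER1), as in Ariel's reply.
-- Registering here takes over that encapsulation, so the DLT_USER
-- preference/UAT step is not needed for this DLT.
DissectorTable.get("wtap_encap"):add(wtap.USER1, ypp)
```

Drop the file into the personal Lua plugins directory (or load it with -X lua_script:) and open a capture whose link type is DLT 148.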

On Wed, Sep 1, 2021 at 4:22 AM Maynard, Christopher via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:
> From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On Behalf Of Ariel Burbaickij
> Sent: Monday, August 30, 2021 4:20 AM
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Subject: [Wireshark-users] any examples of how to hook up Lua dissector to user_dlt tree?
>
> Hello community,
> I would like to write a Lua dissector for a binary, i.e. not text, proprietary protocol on top of user_dlt.
> Are there any examples available which roughly show how this is done? Could you point me to them,
> as I have not found much of interest yet.
>
> In particular, how actual hooking should look like:
>
> local user_dlt = DissectorTable.get("user_dlt")  -- user_dlt dissector exists in Wireshark
> user_dlt:add(148, my_protocol_to_be_dissected)   -- my protocol uses user_dlt 148
> or is it something else ?
> Kind Regards
> Ariel Burbaickij

This is done just as for any other protocol, either by changing the Wireshark preferences or specifying the option on the command-line.  Assuming "Your Proprietary Protocol" = ypp and DLT=147 ...

1) Changing Wireshark preference: Edit -> Preferences... -> Protocols -> DLT_USER -> Encapsulations Table: Edit... -> [+] -> Select DLT 147, Payload Protocol=ypp, and set other relevant fields as needed -> OK -> OK.

        Refs:
                https://www.wireshark.org/docs/wsug_html_chunked/ChUserDLTsSection.html
                https://gitlab.com/wireshark/wireshark/-/wikis/HowToDissectAnything

2) Command-line option:
        Windows: Wireshark.exe -o "uat:user_dlts:\"User 1 (DLT=147)\",\"ypp\",\"0\",\"\",\"0\",\"\""
        *nix: wireshark -o 'uat:user_dlts:"User 1 (DLT=147)","ypp","0","","0",""'

        Refs:
                https://www.wireshark.org/docs/man-pages/wireshark.html
                https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html

I hope that helps?
- Chris
