TCP streams are easy, you have sequence ids to correlate things. When you click on a packet, this will dump lots to the console, and you can hopefully work out the magic values you need! Synchronising packets Print(string.format("ix=%d, finfo.name = %s, finfo.value=%s", ix, finfo.name, getstring(finfo))) Local fields = for ix, finfo in ipairs (fields ) do print ( string.format ( "ix=%d, finfo.name = %s, finfo.value=%s", ix, finfo. But there’s a few ways of working with it when you add it to the tree.
You declare ProtoField’s as just uint8, uint16, uint32. From here on out, I’m going to assume that you know what’s going on, and just need help with things that are not covered in any of the earlier links.
These were all generally very helpful, but there two things I wrestled with, that I didn’t feel were at all well described. Graham Bloice’s “Writing a Wireshark Disseector”.Stig Bjørlykke’s “Lua Scripting in Wireshark” slides.I got to work, following these (somewhat) helpful resources: Seemed like a better/easier/more flexible approach. I have been doing some work with Lua in my dayjob, and had read that wireshark supported dissector plugins could be written in Lua now.
I have written a custom wireshark dissector before, but I wasn’t super happy with the mechanism. I was decoding them by hand, and then copying and pasting into a python script (I had pretty good sources of what all the bytes meant, I just had no good way of visualising the stream, which is where wireshark and this post comes in) I got wireshark to sniff the traffic, (Not going into that here, it’s relatively straightforward and documented enough on the web to get by) but as it’s a vendor specific protocol, it was just lots of bytes.
Earlier this week I was doing some reverse engineering and confirmation of behaviour for a USB tool.
0 kommentar(er)
