This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Dissect payload data as IP packet in Lua custom dissector

0

Hi,

I have a packet which has some header fields and some payload. I've successfully written a dissector for the packet. So now I can see my own protocol's and field values in Wireshark. Now, the payload data for my protocol is basically an IP Packet data. I want to parse that data as IP Packet and show as a subtree inside my protocol.

Can somebody tell me how to parse my data with a pre defined IP Packet parser/dissector which wireshark already uses to parse IP Packets.

Thanks

This question is marked "community wiki".

asked 16 Jul '13, 02:20

atanudey's gravatar image

atanudey
16114
accept rate: 0%

edited 16 Jul '13, 03:39

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237


One Answer:

2

Can somebody tell me how to parse my data with a pre defined IP Packet parser/dissector which wireshark already uses to parse IP Packets.

You call the standard IP dissector with the remaining bytes of your payload.

See the l2tp dissector for an example:

call_dissector(ip_handle, next_tvb, pinfo, tree);

See also these similar questions.

http://ask.wireshark.org/questions/2334/calling-another-dissector
http://ask.wireshark.org/questions/11608/use-of-call_dissector

UPDATE

I've written my dissector in LUA. Will this work in LUA? When I'm trying it says -

In Lua it works differently. See the following sample code.

http://www.wireshark.org/docs/wsug_html_chunked/wslua_dissector_example.html

First you create a variable and assign it a dissector reference. Then you call the dissector like this:

variable:call()

In your case, something like this:

local ip_dissector = Dissector.get("ip")
ip_dissector:call(...)

See the Lua docs for more information about dissector calling and also this similar question:

http://ask.wireshark.org/questions/18517/calling-lua-dissectors-from-lua-dissector

Regards
Kurt

answered 16 Jul '13, 02:32

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 16 Jul '13, 05:40

Hi Kurt,

Thanks for your quick reply. I've written my dissector in LUA. Will this work in LUA? When I'm trying it says -

Lua Error: ...\Program Files\Wireshark\plugins\netcode\netcode.lua:372: attempt to call global 'call_dissector' (a nil value)

Thanks

(16 Jul '13, 03:04) atanudey

Hey Kurt, Thanks a lot. It's working perfectly :)

(16 Jul '13, 03:35) atanudey
1

Great.

Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions.

(16 Jul '13, 03:36) Kurt Knochner ♦