I have a server and a client that are sending binary data inside custom structured TCP/UDP packets (a pretty standard scenario I'm sure). In order to validate the data, I would like to use Wireshark to check that the packet structure and contents are correct, but want to avoid the current necessity of (for example) finding the 16th-19th bytes in packetX and converting that 32-bit float to a decimal, or scrolling down to the 2314th byte in packetY to see if that byte being 03 or 04 is what's causing the bug... etc etc. I know Wireshark has built-in decoders for a huge variety of common protocols (e.g. HTTP), but what is the best way forward for analyzing custom byte packets (incl. variable length)? The packets I am looking at all have a header with a magic start, length, name, and a magic end. A Lua dissector looks like the right tool, but before I jump into it, I want to see what others might recommend or suggest?

/edit: Real-time is preferred. I am not looking to capture and analyze later, so if I am using Wireshark, I want to see the dissected packets as they come in, and even filter by packet names I have pre-defined in my Lua (if this is possible?)

asked 19 Nov '14, 18:31 Fidelius, edited 19 Nov '14, 18:37
One Answer:
A Lua dissector is one option. Please see the docs and samples to get started. Another option is the Wireshark generic dissector (third-party add-on). Regards

answered 20 Nov '14, 01:33 Kurt Knochner ♦
Shameless plug, see my presentation and other materials from Sharkfest'13 about writing a dissector that covers a basic dissector using WSGD, Lua and C.
+1
no need to be "ashamed" ;-)
I'm not, hence the "shameless" :-)
Thanks Kurt. I started using WSGD but decided the built-in support that Wireshark has for Lua is preferred to a third-party DLL which might stop development at any stage. And grahamb, that link is dead but I found your zip at http://sharkfest.wireshark.org/sharkfest.13/presentations/PA-10_Writing-a-Wireshark-Dissector_Graham-Bloice.zip Very useful, thank you!
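The Lua route recommended in the answer, as an added example that is not part of the original question, answer or comments: a small dissector for the kind of framing the question describes (magic start, length, name, payload, magic end). The concrete layout is an assumption, since the post does not give one: a 4-byte ASCII magic start "CPK0", a 4-byte big-endian total length covering the whole frame, an 8-byte NUL-padded name, the payload, and a 4-byte magic end "END0". Port 9000, the field names under `cpk.*`, and the two sample payload decodings ("TEMP" carrying a 32-bit float, "STAT" carrying a status byte) are likewise assumptions made for the example. It handles back-to-back frames in one segment, asks TCP for reassembly when a frame is cut, and flags bad magic or length values with expert info instead of silently trusting the header.

```lua
-- Added example dissector (not from the original thread). Layout and port
-- are assumptions: magic "CPK0" | uint32 BE total length | 8-byte name |
-- payload | magic "END0". Load with: wireshark -X lua_script:cpk.lua
local MAGIC_START = "CPK0"
local MAGIC_END   = "END0"
local HDR_LEN     = 4 + 4 + 8      -- magic start + length + name
local TRAILER_LEN = 4              -- magic end
local PORT        = 9000           -- assumed port for both UDP and TCP

local proto = Proto("cpk", "Custom Packet (example)")

local f_magic_start = ProtoField.string("cpk.magic_start", "Magic start")
local f_len         = ProtoField.uint32("cpk.len", "Total length", base.DEC)
local f_name        = ProtoField.string("cpk.name", "Packet name")
local f_payload     = ProtoField.bytes("cpk.payload", "Payload")
local f_temp        = ProtoField.float("cpk.temp", "Temperature")   -- "TEMP" frames
local f_status      = ProtoField.uint8("cpk.status", "Status", base.HEX) -- "STAT" frames
local f_magic_end   = ProtoField.string("cpk.magic_end", "Magic end")
proto.fields = { f_magic_start, f_len, f_name, f_payload, f_temp, f_status, f_magic_end }

-- Expert items make corrupt frames stand out in the packet list instead of
-- being decoded as if the header were trustworthy.
local ef_bad_magic = ProtoExpert.new("cpk.bad_magic", "Bad magic value",
                                     expert.group.MALFORMED, expert.severity.ERROR)
local ef_bad_len   = ProtoExpert.new("cpk.bad_len", "Length field out of range",
                                     expert.group.MALFORMED, expert.severity.ERROR)
proto.experts = { ef_bad_magic, ef_bad_len }

-- Dissect one frame at `offset`. Returns bytes consumed, 0 if the data is
-- not a frame, or a negative count meaning "need this many more bytes".
local function dissect_one(buf, pinfo, tree, offset)
  local avail = buf:len() - offset
  if avail < 4 then return -DESEGMENT_ONE_MORE_SEGMENT end
  if buf(offset, 4):string() ~= MAGIC_START then
    tree:add_proto_expert_info(ef_bad_magic)
    return 0
  end
  if avail < HDR_LEN then return -DESEGMENT_ONE_MORE_SEGMENT end

  local total = buf(offset + 4, 4):uint()
  if total < HDR_LEN + TRAILER_LEN then      -- length cannot even hold the framing
    tree:add_proto_expert_info(ef_bad_len)
    return 0
  end
  if avail < total then return -(total - avail) end  -- frame continues in next segment

  local sub = tree:add(proto, buf(offset, total))
  sub:add(f_magic_start, buf(offset, 4))
  sub:add(f_len, buf(offset + 4, 4))
  local name = (buf(offset + 8, 8):string():gsub("%z+$", ""))  -- strip NUL padding
  sub:add(f_name, buf(offset + 8, 8), name)
  sub:append_text(", " .. name)
  pinfo.cols.info:append(name .. " ")

  local p_off = offset + HDR_LEN
  local p_len = total - HDR_LEN - TRAILER_LEN
  if p_len > 0 then
    sub:add(f_payload, buf(p_off, p_len))
    -- Per-name decoding of the payload (assumed sample layouts).
    if name == "TEMP" and p_len >= 4 then
      sub:add(f_temp, buf(p_off, 4))          -- big-endian IEEE 754 float
    elseif name == "STAT" and p_len >= 1 then
      sub:add(f_status, buf(p_off, 1))
    end
  end

  local tail = buf(offset + total - TRAILER_LEN, TRAILER_LEN)
  local item = sub:add(f_magic_end, tail)
  if tail:string() ~= MAGIC_END then item:add_proto_expert_info(ef_bad_magic) end
  return total
end

function proto.dissector(buf, pinfo, tree)
  pinfo.cols.protocol = "CPK"
  local offset = 0
  while offset < buf:len() do
    local used = dissect_one(buf, pinfo, tree, offset)
    if used < 0 then
      -- TCP only: ask for more data and restart at the beginning of this frame.
      pinfo.desegment_offset = offset
      pinfo.desegment_len = -used
      return buf:len()
    elseif used == 0 then
      return offset                            -- not ours or corrupt; stop here
    end
    offset = offset + used                     -- several frames per segment
  end
  return offset
end

DissectorTable.get("udp.port"):add(PORT, proto)
DissectorTable.get("tcp.port"):add(PORT, proto)
```

Because the name is registered as the field `cpk.name`, the real-time filtering asked about works with an ordinary display filter during a live capture, e.g. `cpk.name == "TEMP"` or `cpk.temp > 30`, and `cpk.bad_magic` or `cpk.bad_len` isolates frames that violate the framing.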