Hi, I am trying to create Lua dissectors for Wireshark that work on different port numbers. The port numbers that they use are not fixed. Hence I wanted to create a pop-up or some other kind of system in Wireshark to specify the port numbers they would work on, so that those port numbers could be used to dissect the packets. I essentially want to input the port number from the user either when the user opens up Wireshark or when the user applies the filter. Thanks
asked 18 Jul '16, 13:04 shobhit_garg91 edited 20 Jul '16, 12:58
2 Answers:
There are 2 basic ways to do it:
These days the former is preferred.
answered 18 Jul '16, 13:35 JeffMorriss ♦
That's not the way to go about it. For instance, this same dissector has to work from the command line in tshark, and dissectors may be called multiple times, which makes user interaction a problem. The solution is either using the method of 'Decode as...' or adding a preference for a port range.
answered 18 Jul '16, 13:28 Jaap ♦
Thanks Jaap. I am trying to register a preference. Specifically I want my dissector to appear in Edit >> Preferences >> Protocols with a field where I could specify multiple port numbers like the one present for HTTP. Please let me know if there is any method to do so such that those port numbers could be used to specify the dissector about the packets. (20 Jul '16, 11:47) shobhit_garg91
Thanks Jeff for the answer. I am trying to register a preference. Specifically I want my dissector to appear in Edit >> Preferences >> Protocols with a field where I could specify multiple port numbers like the one present for HTTP. Please let me know if there is any method to do so such that those port numbers could be used to specify the dissector about the packets.
Try reading doc/README.dissector for how to add preferences. There are plenty of dissectors to look at for working examples too.
Hi, Thanks. I have added a preference for my dissector and it is showing in Edit >> Preferences >> Protocols. I have added a range type of preference to the dissector to read in a range of port numbers. My question is how to use this preference to add these as port numbers for my dissector. Thanks
According to the documentation (linked from item 2 above) the preferences get added to the Proto.prefs table. Never tried it myself but hopefully that's a good starting point.
Hi, I have added the preference for my dissector, and in my dissector, I am trying to read the preference value and use it to add the corresponding port numbers specified in the preference. However, when I am opening Wireshark, I am getting the following error: "No preference has been registered yet". Please let me know if there is any way to overcome this issue and read the value in the pref to use it as a port number. According to the documentation the pref is returned in the form of a string. Thanks.
If your dissector is written in Lua, you might try stating that in the question next time. If you're looking for help with Lua, I posted some useful Lua-related links in my answer to this question, which should help you. In particular, the fpm.lua script uses preferences and should be of particular use to you.
Thank you everyone. I was able to handle the port numbers dynamically by setting up the dissector preference and using the function prefs_changed().
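The approach the thread ends on, a range preference applied in prefs_changed(), shown as an added Lua example; it is not code from any of the posters or from fpm.lua. The protocol name myproto, the UDP transport and the default port list are assumptions made for illustration.

```lua
-- Added example; "myproto", UDP and the default ports are assumptions.
local myproto = Proto("myproto", "My Example Protocol")
local f_payload = ProtoField.bytes("myproto.payload", "Payload")
myproto.fields = { f_payload }

-- Range preference: appears under Edit > Preferences > Protocols.
local DEFAULT_PORTS = "7000-7002,7010"  -- constructed sample value
myproto.prefs.ports = Pref.range("UDP port(s)", DEFAULT_PORTS,
    "Ports or port ranges to decode as myproto", 65535)

function myproto.dissector(tvb, pinfo, tree)
    if tvb:len() == 0 then return 0 end
    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(myproto, tvb())
    subtree:add(f_payload, tvb())
    return tvb:len()
end

local udp_table = DissectorTable.get("udp.port")

-- Register the default range at load time; the preference itself is
-- only read inside prefs_changed(), where later changes are applied.
local registered = DEFAULT_PORTS
udp_table:add(registered, myproto)

-- Called whenever this protocol's preferences change.
function myproto.prefs_changed()
    local wanted = myproto.prefs.ports   -- range comes back as a string
    if wanted == registered then return end
    if registered ~= "" then
        udp_table:remove(registered, myproto)  -- drop stale ports first
    end
    if wanted ~= "" then
        udp_table:add(wanted, myproto)
    end
    registered = wanted
end
```

Because the ports come from a preference rather than a prompt, the same script needs no user interaction and so also loads under tshark, which is the constraint raised in the second answer.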