This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I let the user specify a port for a Wireshark Lua dissector?

0

Hi, I am trying to create Lua dissectors for Wireshark that work on different port numbers. The port numbers that they use are not fixed. Hence I wanted to create a pop-up or some other kind of system in Wireshark to specify the port numbers they would work on so that those port numbers could be used to dissect the packets. I essentially want to input the port number from the user either when the user opens up Wireshark or when the user applies the filter. Thanks.

asked 18 Jul '16, 13:04

shobhit_garg91
169914
accept rate: 0%

edited 20 Jul '16, 12:58


2 Answers:

2

There are 2 basic ways to do it:

  1. Register your dissector for the port table you're interested in and allow users to specify which ports to decode as your protocol through the "Decode As" dialog. See the discussion on the wiki for details.
  2. (or) register a preference

These days the former is preferred.

answered 18 Jul '16, 13:35

JeffMorriss ♦
6.2k572
accept rate: 27%

Thanks Jeff for the answer. I am trying to register a preference. Specifically, I want my dissector to appear in Edit >> Preferences >> Protocols with a field where I could specify multiple port numbers, like the one present for HTTP. Please let me know if there is any method to do so such that those port numbers could be used to specify the dissector about the packets.

(20 Jul '16, 11:47) shobhit_garg91

Try reading doc/README.dissector for how to add preferences. There are plenty of dissectors to look at for working examples too.

(20 Jul '16, 12:08) cmaynard ♦♦

Hi, thanks. I have added a preference for my dissector and it is showing in Edit >> Preferences >> Protocols. I have added a range type of preference to the dissector to read in a range of port numbers. My question is how to use this preference to add these as port numbers for my dissector. Thanks.

(20 Jul '16, 12:18) shobhit_garg91

According to the documentation (linked from item 2 above) the preferences get added to the Proto.prefs table. Never tried it myself but hopefully that's a good starting point.

(20 Jul '16, 12:35) JeffMorriss ♦

Hi, I have added the preference for my dissector, and in my dissector I am trying to read the preference value and use it to add the corresponding port numbers specified in the preference. However, when I open Wireshark, I get the following error: "No preference has been registered yet". Please let me know if there is any way to overcome this issue and read the value in the pref to use it as a port number. According to the documentation, the pref is returned in the form of a string. Thanks.

(20 Jul '16, 12:49) shobhit_garg91

If your dissector is written in Lua, you might try stating that in the question next time. If you're looking for help with Lua, I posted some useful Lua-related links in my answer to this question, which should help you. In particular, the fpm.lua script uses preferences and should be of particular use to you.

(20 Jul '16, 12:55) cmaynard ♦♦

Thank you everyone. I was able to handle the port numbers dynamically by setting up the dissector preference and using the function prefs_changed().

(21 Jul '16, 07:13) shobhit_garg91
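
The approach this thread converges on (a range preference whose value is re-registered in `prefs_changed()`), as an added example that is not code from the original posts or from fpm.lua. The protocol name `myproto`, its field and the default port range are hypothetical; the preference string is passed directly to `DissectorTable:add`/`remove`, which accept an integer-range pattern for port tables.

```lua
-- Added example; "myproto", its field and the default range are hypothetical.
local myproto = Proto("myproto", "My Example Protocol")

local f_payload = ProtoField.bytes("myproto.payload", "Payload")
myproto.fields = { f_payload }

-- Register the preference BEFORE any code reads myproto.prefs.ports.
-- Reading an unregistered preference is what raises
-- "No preference has been registered yet".
myproto.prefs.ports = Pref.range(
    "TCP ports",                       -- label shown under Preferences > Protocols
    "7000-7002",                       -- default value (assumed for this example)
    "TCP ports to decode as MYPROTO",  -- description / tooltip
    65535)                             -- highest value allowed in the range

function myproto.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(myproto, tvb())
    subtree:add(f_payload, tvb())
end

local tcp_table = DissectorTable.get("tcp.port")
local current_ports = ""   -- range string currently registered, "" if none

-- Replace the old registration with the new range string (e.g. "7000-7002,9000").
local function apply_ports(new_ports)
    if new_ports == current_ports then return end
    if current_ports ~= "" then
        tcp_table:remove(current_ports, myproto)
    end
    if new_ports ~= "" then
        tcp_table:add(new_ports, myproto)
    end
    current_ports = new_ports
end

-- Called by Wireshark/tshark whenever the user applies changed preferences.
function myproto.prefs_changed()
    apply_ports(myproto.prefs.ports)
end

-- Initial registration at script load, using the saved or default value.
apply_ports(myproto.prefs.ports)
```

Because the dissector is also registered in the `tcp.port` table, it remains selectable through "Decode As" for ports outside the preference range.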

0

That's not the way to go about it. For instance, this same dissector has to work from the command line in tshark, and dissectors may be called multiple times, which makes user interaction a problem.

The solution is either to use the 'Decode As...' method or to add a preference for a port range.

answered 18 Jul '16, 13:28

Jaap ♦
11.7k16101
accept rate: 14%

Thanks Jaap. I am trying to register a preference. Specifically, I want my dissector to appear in Edit >> Preferences >> Protocols with a field where I could specify multiple port numbers, like the one present for HTTP. Please let me know if there is any method to do so such that those port numbers could be used to specify the dissector about the packets.

(20 Jul '16, 11:47) shobhit_garg91