We are trying to create a chained dissector in Lua (as described in the Wireshark wiki page) but we are not able to get a reference to an existing heuristic dissector! :( For a "normal" (= non-heuristic) dissector, it works fine. In our case, we try to wrap the RTPS (Real-Time Publish-Subscribe) protocol.
We looked at the source code (in epan/dissectors/packet-rtps.c) and we think we are using the expected name. Unfortunately, with Wireshark v2.2.7, we are not able to get the UDP heuristic dissector table, nor the RTPS dissector. It seems that DissectorTable.get() is only used for "normal" dissectors (it triggers an error for heuristic "udp" but not for normal "udp.port"). And Dissector.get("rtps") fails too: no such dissector. But Dissector.get("rtitcp") works fine. We can notice that RTPS is not contained in Dissector.list().
Q1) What are we missing?
Q2) Is it a bug in Wireshark?
Thanks for your help, Contrib
asked 07 Jun '17, 07:11
Replying to my own questions: it seems there are limitations in the current Wireshark Lua API
Concerning RTPS, a workaround for the first limitation above is below: (/!\ need to patch source code + recompile)
Thanks to the previous patch, we are able to get access to the original RTPS dissector in a Lua script thanks to
There is still the second limitation: this time, a workaround is to use the UDP dissector table and register the new wrapper to a specific UDP port.
answered 11 Jun '17, 14:54
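
The port-based workaround from the answer above, sketched as an added example that is not part of the original posts or of Wireshark's own code. Assumptions: the patched build makes the RTPS dissector available under the name "rtps" (the patch itself is not shown on the page), the RTPS traffic in the capture uses UDP port 7400, and the `rtps_wrap` names are hypothetical.

```lua
-- Added example: chained wrapper registered in the normal "udp.port" table.
local WRAP_PORT = 7400      -- constructed value: UDP port carrying the RTPS traffic
local ORIG_NAME = "rtps"    -- assumption: name registered by the patched build

local wrapper = Proto("rtps_wrap", "RTPS wrapper (example)")  -- hypothetical name
local f_len = ProtoField.uint32("rtps_wrap.len", "Wrapped payload length", base.DEC)
wrapper.fields = { f_len }

-- Depending on the Wireshark version, Dissector.get() raises an error or
-- returns nil for an unknown name; pcall covers both cases.
local function find_dissector(name)
    local ok, d = pcall(Dissector.get, name)
    if ok then return d end
    return nil
end

local original = find_dissector(ORIG_NAME)
local fallback = find_dissector("data")   -- generic built-in data dissector

function wrapper.dissector(tvb, pinfo, tree)
    -- Only accept payloads that start with the 4-byte "RTPS" magic.
    -- Returning 0 tells Wireshark this dissector rejected the packet.
    if tvb:len() < 4 or tvb(0, 4):string() ~= "RTPS" then
        return 0
    end

    -- The wrapper's own subtree; this is where extra fields would go.
    local subtree = tree:add(wrapper, tvb(), "RTPS wrapper")
    subtree:add(f_len, tvb(), tvb:len())

    -- Hand the untouched buffer to the wrapped dissector, or to "data"
    -- when the original is not reachable from Lua in this build.
    local target = original or fallback
    if target then
        target:call(tvb, pinfo, tree)
    end
    if not original then
        subtree:add_expert_info(PI_UNDECODED, PI_WARN,
            "no '" .. ORIG_NAME .. "' dissector available")
    end
    return tvb:len()
end

-- Heuristic tables are not reachable here, so bind to a fixed UDP port.
DissectorTable.get("udp.port"):add(WRAP_PORT, wrapper)
```

Because the wrapper is bound to one port, RTPS traffic on any other port still goes to the built-in heuristic dissector without passing through the wrapper.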