Hello,

I'm trying to write a Wireshark dissector using a Lua script. I looked at the web pages for examples and explanations:

https://wiki.wireshark.org/Lua
https://wiki.wireshark.org/Lua/Examples

However, I still have something that I do not understand. I receive data in EtherNet/IP (Industrial Protocol) using UDP. So I have something like this:

IP -> UDP -> EtherNet/IP --> My dissector

Until now, I can use my dissector, but it always starts at the UDP data level. I want it to start at the EtherNet/IP data level. Where should I do that? And how can I do that?
I have a doubt about three lines that should contain the modification: Maybe I should set root with something, but I cannot find which one? Where can I find information about that?
Maybe I need to set something different from "udp" here, but where can I find the string for the EtherNet/IP protocol?
Can anyone help me with that? Thank you very much!
asked 24 Oct '17, 08:47
Hello,

Thank you for your answer. In fact, using Wireshark without the dissector I wrote, I get the Capture_CIP.jpg image. The ENIP protocol is used with the UDP protocol. I want to add a dissector to parse the data part at the end of the ENIP packet: "Data : 7905010000..."
To do that I wrote the following Lua script:

    -- creates a Proto object, but doesn't register it yet
    local cip_ttt = Proto("myCIP","CIP Sub Protocol")
With this script, I got the Capture_Actual_Dissector.jpg image.
The problem I have is that my dissector starts from the UDP data packet, and not from the data of the ENIP packet. I think it is due to this line:
But I do not know how to change it, and with which code, in order to do what I want. Can you help me understand what's wrong in my script and what the best solution is? Thank you very much.
answered 26 Oct ‘17, 09:25
edited 26 Oct ‘17, 12:08