- A dissector tutorial with TCP-reassembly
- A custom file reader & writer tutorial script
- Using Lua to register protocols to more ports
- Create new data (tvb) with ByteArray and Struct

Tutorial scripts

A dissector tutorial script

Download this file for an example Lua script for a protocol dissector. The script has two purposes:

- To provide a reference tutorial for others writing Wireshark dissectors in Lua.
- To test various functions being called in various ways, so this script can be used in the test-suites.

If you wonder why some functions are called one way, or differently than previous invocations of the same function, the reason is that the script is trying both to show that it can be done in numerous ways and to test those numerous ways.

This script creates an elementary dissector for DNS. It's neither comprehensive nor error-free with regard to the DNS protocol. The goal isn't to fully dissect DNS properly, since Wireshark already has a good DNS dissector built in. We also have other example Lua scripts, but the nice thing about this one is that getting capture files to run it against is trivial.

How to use this script: Once the script is loaded, it creates a new protocol named "MyDNS" (or "MYDNS" in some places). If you have a capture file with DNS packets in it, simply select one in the Packet List pane, right-click on it, and select "Decode As …". Then, in the dialog box that shows up, scroll down the list of protocols to one called "MYDNS", select that, and click the "ok" or "apply" button. Voilà, you're now decoding DNS packets using the simplistic dissector in this script.

Another way is to download the dns_port.pcap capture file made for this script, and open that. Since the DNS packets in it use UDP port 65333 (instead of the default 53), and since the MyDNS protocol in this script has been set to automatically decode UDP port 65333, it will automagically do it without doing "Decode As …".

A dissector tutorial with TCP-reassembly

Download this fpm.lua file for an example Lua script for a TCP-based protocol dissector. The script is too long to embed in this page, and it's much better to view it in a text editor that supports Lua syntax highlighting, because there are a lot of comments in the script explaining things.

How to use this script: Once the script is loaded, it creates a new protocol named "FPM". To see it in action, download the segmented_fpm.pcap capture file made for this script, and open that.

A custom file reader & writer tutorial script

Download this pcap_a file for an example Lua script for a custom file format reader and writer. Like the dissector tutorial script above, this script is too long to embed in this page, and it's much better to view it in a text editor that supports Lua syntax highlighting, because there are a lot of comments in the script explaining things.

Also like the dissector tutorial script above, the purpose of this script is to provide a reference tutorial as well as a test script.

This script creates an elementary file reader and writer for the legacy pcap file format. It's neither comprehensive nor error-free, and is not intended as a replacement for the built-in ability of Wireshark/Tshark to read pcap files. The reason this was written is that getting "test" files to see how it works is trivial, since any pcap file will do (the old style pcap files, not pcapng).