> From: Wireshark-users <wireshark-users-boun...@wireshark.org> On Behalf Of Ariel Burbaickij
> Sent: Monday, August 30, 2021 4:20 AM
> To: Community support list for Wireshark <wireshark-users@wireshark.org>
> Subject: [Wireshark-users] any examples of how to hook up Lua dissector to user_dlt tree?
>
> Hello community,
> I would like to write a Lua dissector for a binary, i.e. not text, proprietary
> protocol on top of user_dlt.
> Are there any examples available which roughly show how this is done? Could
> you point me to them,
> as I have not found much of interest yet.
>
> In particular, what the actual hooking should look like:
>
> local user_dlt = DissectorTable.get("user_dlt")  -- user_dlt dissector exists in Wireshark
> user_dlt:add(148, my_protocol_to_be_dissected)   -- my protocol uses user_dlt 148
> or is it something else?
> Kind Regards
> Ariel Burbaickij

This is done just as for any other protocol, either by changing the Wireshark 
preferences or specifying the option on the command-line.  Assuming "Your 
Proprietary Protocol" = ypp and DLT=147 ...

1) Changing Wireshark preference: Edit -> Preferences... -> Protocols -> 
DLT_USER -> Encapsulations Table: Edit... -> [+] -> Select DLT 147, Payload 
Protocol=ypp, and set other relevant fields as needed -> OK -> OK.

        Refs:
                https://www.wireshark.org/docs/wsug_html_chunked/ChUserDLTsSection.html
                https://gitlab.com/wireshark/wireshark/-/wikis/HowToDissectAnything

2) Command-line option:
        Windows: Wireshark.exe -o "uat:user_dlts:\"User 1 (DLT=147)\",\"ypp\",\"0\",\"\",\"0\",\"\""
        *nix: wireshark -o 'uat:user_dlts:"User 1 (DLT=147)","ypp","0","","0",""'

        Refs:
                https://www.wireshark.org/docs/man-pages/wireshark.html
                https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html

I hope that helps?
- Chris
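
Added example, not part of the original messages and not Wireshark project code: a Lua dissector named ypp that the DLT_USER "Payload Protocol" setting described above can reference, and that also registers itself on the wtap_encap dissector table for DLT 147. The three-field header layout, field names and expert-info names are constructed for illustration.

```lua
-- ypp.lua: added example; the YPP header layout below is constructed for illustration.
-- Assumed frame: type (1 byte) | payload length (2 bytes, big-endian) | payload
local ypp = Proto("ypp", "Your Proprietary Protocol")

local f_type    = ProtoField.uint8("ypp.type", "Type", base.HEX)
local f_length  = ProtoField.uint16("ypp.length", "Payload length", base.DEC)
local f_payload = ProtoField.bytes("ypp.payload", "Payload")
ypp.fields = { f_type, f_length, f_payload }

-- Expert items flag frames whose declared length disagrees with the captured bytes.
local e_short = ProtoExpert.new("ypp.too_short", "Frame shorter than YPP header",
                                expert.group.MALFORMED, expert.severity.ERROR)
local e_len   = ProtoExpert.new("ypp.bad_length", "Declared length exceeds captured data",
                                expert.group.MALFORMED, expert.severity.ERROR)
ypp.experts = { e_short, e_len }

local HEADER_LEN = 3

function ypp.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "YPP"
    local subtree = tree:add(ypp, tvb())

    -- Never index past the buffer: capture files are untrusted input.
    if tvb:len() < HEADER_LEN then
        subtree:add_proto_expert_info(e_short)
        return tvb:len()
    end

    subtree:add(f_type, tvb(0, 1))
    subtree:add(f_length, tvb(1, 2))          -- big-endian by default

    local declared  = tvb(1, 2):uint()
    local available = tvb:len() - HEADER_LEN
    if declared > available then
        subtree:add_proto_expert_info(e_len)
        declared = available                  -- clamp to what was captured
    end
    if declared > 0 then
        subtree:add(f_payload, tvb(HEADER_LEN, declared))
    end
    return HEADER_LEN + declared
end

-- Direct registration: DLT 147 is wtap.USER0 (DLT 148 would be wtap.USER1).
DissectorTable.get("wtap_encap"):add(wtap.USER0, ypp)
```

With the script in the personal Lua plugins folder, the protocol name `ypp` becomes selectable as the payload protocol in the DLT_USER encapsulations table; the last line is an alternative that needs no preference change.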









