wireshark-dissector

Writing a Non-trivial Wireshark Dissector

不羁的心 submitted on 2020-04-17 22:41:44
Question: I am trying to write a Wireshark dissector (in C) for a custom protocol. The first 3 bits of the packet define how the rest of the packet is constructed. For example, if these 3 bits are 000, the remainder of the packet is a 5-bit field followed by 2 byte fields. If the leading 3 bits are 001, the remainder of the packet is a 13-bit field followed by a byte field. I can get the leading 3-bit field. In the dissector function, I've tried using this value to tailor the rest of the dissection thus
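
The variant-layout dissection the question describes, as an added Lua example (not the asker's C code and not part of the original post): the 3-bit selector picks one of two layouts, each bit field is declared with a mask so Wireshark extracts and displays it, and packets that are too short or carry an unknown selector get an expert-info flag instead of a half-built tree. The protocol name "sel3", the UDP port 9999 and the field names are assumptions.

```lua
-- Added example (not from the question): a Lua dissector for a protocol whose
-- first 3 bits select the layout of the rest of the packet.
-- Assumptions: protocol name "sel3", carried on UDP port 9999, and only the
-- two selector values described in the question (000 and 001) are defined.
local sel3 = Proto("sel3", "Three-bit selector protocol (example)")

-- Bit fields are declared with a mask over the byte(s) that contain them;
-- Wireshark shifts and displays the masked value for you.
local f_sel = ProtoField.uint8("sel3.sel", "Selector", base.DEC, nil, 0xE0)  -- top 3 bits of byte 0
-- Layout 000: 5-bit field in the low bits of byte 0, then two 1-byte fields.
local f_a5  = ProtoField.uint8("sel3.a5", "5-bit field", base.DEC, nil, 0x1F)
local f_b1  = ProtoField.uint8("sel3.b1", "Byte field 1", base.HEX)
local f_b2  = ProtoField.uint8("sel3.b2", "Byte field 2", base.HEX)
-- Layout 001: 13-bit field spanning the low 5 bits of byte 0 and all of byte 1, then one byte.
local f_c13 = ProtoField.uint16("sel3.c13", "13-bit field", base.DEC, nil, 0x1FFF)
local f_d1  = ProtoField.uint8("sel3.d1", "Byte field", base.HEX)
local e_malformed = ProtoExpert.new("sel3.malformed", "Packet too short or unknown selector",
                                    expert.group.MALFORMED, expert.severity.ERROR)

sel3.fields  = { f_sel, f_a5, f_b1, f_b2, f_c13, f_d1 }
sel3.experts = { e_malformed }

-- One small function per layout, keyed by the selector value, so a new
-- selector is one table entry rather than another if/else branch.
-- Each returns the number of bytes it consumed, or nil if the packet is too short.
local layouts = {
  [0] = function(tvb, tree)
    if tvb:len() < 3 then return nil end
    tree:add(f_a5, tvb(0, 1))
    tree:add(f_b1, tvb(1, 1))
    tree:add(f_b2, tvb(2, 1))
    return 3
  end,
  [1] = function(tvb, tree)
    if tvb:len() < 3 then return nil end
    tree:add(f_c13, tvb(0, 2))
    tree:add(f_d1,  tvb(2, 1))
    return 3
  end,
}

function sel3.dissector(tvb, pinfo, tree)
  if tvb:len() < 1 then return 0 end
  pinfo.cols.protocol = sel3.name
  local subtree = tree:add(sel3, tvb(), "Three-bit selector protocol")
  -- Read the selector to choose the layout; bitfield(offset, len) counts bits from the MSB.
  local sel = tvb(0, 1):bitfield(0, 3)
  subtree:add(f_sel, tvb(0, 1))
  local handler  = layouts[sel]
  local consumed = handler and handler(tvb, subtree)
  if not consumed then
    subtree:add_proto_expert_info(e_malformed)
    return tvb:len()
  end
  pinfo.cols.info = string.format("sel=%d", sel)
  return consumed
end

DissectorTable.get("udp.port"):add(9999, sel3)
```

The same shape carries over to the C API the asker is using: tvb_get_bits8() reads the selector, and hf entries with a bitmask passed to proto_tree_add_item() take the place of the ProtoField masks. In either language, keeping the per-layout code in a table keyed by the selector stops the dissector from growing into one long if/else chain.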

Count the number of packets with pyshark

家住魔仙堡 submitted on 2020-03-22 10:01:36
Question: In this code with pyshark

    import pyshark
    cap = pyshark.FileCapture(filename)
    i = 0
    for idx, packet in enumerate(cap):
        i += 1
    print i
    print len(cap._packets)

i and len(cap._packets) give two different results. Why is that? Answer 1: A look at the source code reveals that _packets is a list containing packets and is only used internally: when iterating through a FileCapture object with keep_packets = True, packets are added to this list. To get access to all packets in a FileCapture object

lua tables - allowed values and syntax

孤街醉人 submitted on 2020-01-25 10:15:28
Question: I need a Lua table for a Wireshark dissector: table xref = { 5123336196=7423345345 } This is clearly not allowed, although I'm not sure why based on the Lua documentation. How do I implement a table crossing large integers to other large integers? Source: https://stackoverflow.com/questions/59687123/lua-tables-allowed-values-and-syntax
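
One way to write the table, added here as an example rather than an answer from the original thread: numeric keys go in brackets, and a value read from a packet as a 64-bit integer has to be converted before it can index the table. The field offset, the extra table entries and the helper names are assumptions.

```lua
-- Added example (not from the question). Keys a Lua table by large integers and
-- looks it up from a value read inside a Wireshark dissector.
-- Assumptions: the id is read from a hypothetical 8-byte field at offset 0; the
-- first pair of numbers is the one from the question, the rest are made up.

-- A numeric key must be written in brackets. `5123336196 = 7423345345` is a
-- syntax error because whatever stands before `=` in a table constructor is
-- parsed as an identifier, and an identifier cannot start with a digit.
local xref = {
  [5123336196] = 7423345345,
  [5123336197] = 7423345346,
  -- Values above 2^53 are not exact as Lua numbers (doubles); keep those as
  -- decimal strings and look them up the same way.
  ["18446744073709551615"] = "18446744073709551614",
}

-- Wireshark's Lua (5.1/5.2) represents numbers as doubles, so integers are
-- exact only up to 2^53. A 64-bit field read with tvbrange:uint64() comes back
-- as a UInt64 userdata, which cannot index the table directly. Normalise it:
-- a plain number when it fits, a decimal string otherwise.
local function to_key(v)
  if type(v) == "userdata" then            -- UInt64 or Int64 from tvbrange:uint64()/int64()
    if v:higher() < 0x200000 then          -- high 32 bits < 2^21, i.e. value < 2^53: exact
      return v:tonumber()
    end
    return tostring(v)                     -- full 64-bit decimal text, no precision loss
  end
  return v
end

-- Lookup that accepts a plain Lua number, a UInt64/Int64 userdata, or a string.
local function lookup(v)
  return xref[to_key(v)]
end

-- Use inside a dissector (assumed layout: 8-byte big-endian id at offset 0):
--   local id     = tvb(0, 8):uint64()
--   local mapped = lookup(id)     -- 7423345345 when the id is 5123336196
```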

Where can I find a sample for Pcap for Diameter protocol (WireShark)? [closed]

Deadly submitted on 2020-01-14 19:11:10
Question: Closed. This question is off-topic. It is not currently accepting answers. I was wondering if there are any sample Wireshark pcaps for the Diameter protocol out there? If so please share. Thanks. Answer 1: Here is one sample capture. Answer 2: I recommend you take a look at the Wireshark wiki regarding Diameter; there is a sample right there: https://wiki.wireshark.org/DIAMETER Answer 3: It won't do you

Wireshark Lua dissector not showing tree

巧了我就是萌 submitted on 2020-01-06 08:16:21
Question: I have a packet with trailer data after the packet, as in the Ixia timestamp trailer. I am trying to write a dissector for Wireshark that is quite the same as the ixia-packet_trailer plugin: https://raw.githubusercontent.com/boundary/wireshark/master/epan/dissectors/packet-ixiatrailer.c But I wanted to write it in Lua, so it is easiest to change. I did the Lua as a heuristic with the function is_my_trailer (as proposed in Wireshark Lua dissector plugin table error); it now stops showing the trailer in
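
An added Lua example of a heuristic trailer dissector registered the way the asker describes (example code, not the asker's script and not the Ixia plugin): the trailer layout (2-byte magic, 4-byte seconds, 4-byte nanoseconds), the magic value and the protocol name are assumptions; "eth.trailer" is the heuristic list the Ethernet dissector registers for trailer bytes.

```lua
-- Added example (not the question's code): a Lua heuristic dissector that
-- claims an Ethernet trailer, in the spirit of packet-ixiatrailer.c.
-- Assumptions: a hypothetical 10-byte trailer of magic 0x5A5A, then a 4-byte
-- big-endian seconds field and a 4-byte nanoseconds field.
local mytrailer = Proto("mytrailer", "Example timestamp trailer")

local f_magic = ProtoField.uint16("mytrailer.magic", "Magic",       base.HEX)
local f_sec   = ProtoField.uint32("mytrailer.sec",   "Seconds",     base.DEC)
local f_nsec  = ProtoField.uint32("mytrailer.nsec",  "Nanoseconds", base.DEC)
mytrailer.fields = { f_magic, f_sec, f_nsec }

local TRAILER_LEN = 10
local MAGIC       = 0x5A5A

-- The heuristic receives only the trailer bytes. It has to decide cheaply
-- whether they are ours and return false without touching the tree if not,
-- so other trailer heuristics (and the plain "Trailer" display) still get
-- their turn. Only after every check passes does it build the subtree.
local function is_my_trailer(tvb, pinfo, tree)
  if tvb:len() ~= TRAILER_LEN then return false end
  if tvb(0, 2):uint() ~= MAGIC then return false end
  if tvb(6, 4):uint() >= 1000000000 then return false end  -- nanoseconds must be below 1e9

  local subtree = tree:add(mytrailer, tvb(), "Example timestamp trailer")
  subtree:add(f_magic, tvb(0, 2))
  subtree:add(f_sec,   tvb(2, 4))
  subtree:add(f_nsec,  tvb(6, 4))
  return true
end

-- Wireshark offers trailer bytes to this list only when the frame is longer
-- than the encapsulated payload claims to be.
mytrailer:register_heuristic("eth.trailer", is_my_trailer)
```

If the Ethernet preference that assumes frames carry an FCS is enabled, the last 4 bytes are taken as the checksum before the remainder is offered to the trailer list, so the length the heuristic expects must match what is actually left over after that.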

Wireshark: display filters vs nested dissectors

寵の児 submitted on 2020-01-04 06:11:47
Question: I have an application that sends JSON objects over AMQP, and I want to inspect the network traffic with Wireshark. The AMQP dissector gives the payload as a series of bytes in the field amqp.payload, but I'd like to extract and filter on specific fields in the JSON object, so I'm trying to write a plugin in Lua for that. Wireshark already has a dissector for JSON, so I was hoping to piggy-back on that and not have to deal with JSON parsing myself. Here is my code: local amqp_json_p = Proto(
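
An added example (not the asker's code) of the piggy-backing the question asks for: a postdissector reads amqp.payload through a field extractor and hands its bytes to the built-in json dissector, so the fields that dissector registers (json.key and friends) become usable in display filters. The protocol name amqp_json and the leading-brace check are assumptions; a production script would check the AMQP content-type property instead of sniffing the first byte.

```lua
-- Added example (not the question's code): a Lua postdissector that hands the
-- bytes of amqp.payload to Wireshark's built-in JSON dissector.
-- Assumptions: protocol name "amqp_json"; a payload whose first byte is '{'
-- or '[' is treated as JSON (stand-in for checking the content-type property).
local amqp_json_p = Proto("amqp_json", "JSON carried in AMQP payload (example)")

-- Field extractors must be created at load time, never inside the dissector.
local f_payload = Field.new("amqp.payload")

-- The built-in JSON dissector, looked up once.
local json_dissector = Dissector.get("json")

function amqp_json_p.dissector(tvb, pinfo, tree)
  -- One frame can carry several AMQP payloads; the extractor returns all of them.
  local payloads = { f_payload() }
  if #payloads == 0 then return end

  for _, fi in ipairs(payloads) do
    -- Use the bytes of the field, not the whole frame, as the JSON sub-Tvb.
    local range = fi.range
    local first = range:len() > 0 and range:range(0, 1):uint() or 0
    if first == 0x7B or first == 0x5B then   -- '{' or '['
      local subtree = tree:add(amqp_json_p, range, "JSON in AMQP payload")
      json_dissector:call(range:tvb(), pinfo, subtree)
    end
  end
end

-- A postdissector runs after every other dissector for the frame has finished,
-- which is what guarantees amqp.payload already exists when we read it.
register_postdissector(amqp_json_p)
```

With the script loaded, a display filter such as json.key == "event" matches on the decoded object, and the JSON subtree is attached to the AMQP payload it came from rather than to the frame as a whole.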

Failed to external entity “…/htmlhelp.xsl”

天涯浪子 submitted on 2019-12-25 08:27:46
Question: I'm building a development version of Wireshark to create dissectors, following the tutorial found in their official documentation. I receive two warnings and four errors. The four errors seem to come from the fact that this link cannot be loaded. The errors are: Build FAILED. "C:\Development\wsbuild64\Wireshark.sln" (default target) (1) -> "C:\Development\wsbuild64\docbook\developer_guide_chm.vcxproj.metaproj" (default target) (15) -> "C:\Development\wsbuild64\docbook\developer_guide_chm.vcxproj"

How to debug wireshark plugin using gdb

北慕城南 submitted on 2019-12-25 02:39:11
Question: I have a Wireshark plugin built successfully with Wireshark 1.10.3 APIs. I then installed Wireshark 1.10.3 on Ubuntu 13.04 using apt-get. I generated a .so file for my plugin and copied it into the correct directory. While trying to load Wireshark I get an undefined symbol error. If I change the API I get a build error. I am quite sure that I am using the right API. How do I debug this problem? Can GDB help me in any way? Thanks. Source: https://stackoverflow.com/questions/20323798