This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Write my own protocol in Lua for a packet stream

0

Hi everybody, I wrote my own Lua dissector for packets up to the max size of 1440 bytes. But I would like to capture bigger data packets (e.g. 12k) which are split into smaller packets.

Is it possible to write a protocol which captures more than one packet and puts these into one "virtual" big one? If the answer is yes, please give me a hint where I can find it or how I can do that.

Thanks folks, Dennis

asked 23 Nov '10, 06:34

modula
accept rate: 0%


One Answer:

0

The answer to this may depend on what's splitting the packets. If your protocol is transmitted over TCP, for instance, you can look at http://wiki.wireshark.org/Lua/Dissectors to see how to use the TCP reassembly functions of Wireshark from within a Lua dissector.

If instead it's over something like UDP, then your protocol handling code will have to do the reassembly. Because your dissector will be called once for each packet, this implies that you'll need to have some persistent storage outside of the dissector routine to "remember" the various packet pieces until you have enough to reassemble.

answered 02 Jan '11, 08:22

beroset
accept rate: 33%
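
The UDP case described in the answer above, as an added example (not part of the original answer and not Wireshark's own code): fragments are held in tables that live outside the dissector function. The protocol name `bigmsg`, UDP port 5000 and the 4-byte fragment header are assumptions made for illustration.

```lua
-- Added example: hypothetical protocol "bigmsg" on UDP port 5000 (both assumed).
-- Assumed fragment header: msg_id (2 bytes), frag_index (1), frag_count (1), payload.
local bigmsg  = Proto("bigmsg", "Big Message (example)")
local f_id    = ProtoField.uint16("bigmsg.id", "Message ID")
local f_index = ProtoField.uint8("bigmsg.index", "Fragment index")
local f_count = ProtoField.uint8("bigmsg.count", "Fragment count")
bigmsg.fields = { f_id, f_index, f_count }
local HDR_LEN, MAX_FRAGS = 4, 16   -- MAX_FRAGS is an assumed per-message cap
local pending = {}                 -- msg_id -> { count, got, parts } (persistent)
local done = {}                    -- frame number -> reassembled ByteArray

-- Called when a capture is (re)loaded: drop state left over from the last one.
function bigmsg.init() pending, done = {}, {} end

function bigmsg.dissector(tvb, pinfo, tree)
    if tvb:len() <= HDR_LEN then return 0 end
    local id, index, count = tvb(0, 2):uint(), tvb(2, 1):uint(), tvb(3, 1):uint()
    pinfo.cols.protocol = "BIGMSG"
    local sub = tree:add(bigmsg, tvb(), "Big Message fragment")
    sub:add(f_id, tvb(0, 2))
    sub:add(f_index, tvb(2, 1))
    sub:add(f_count, tvb(3, 1))
    -- Header values come off the wire: refuse ones that would grow state unbounded.
    if count == 0 or count > MAX_FRAGS or index >= count then return tvb:len() end
    -- The dissector runs again on every click/redraw; collect on the first pass only.
    if not pinfo.visited then
        local msg = pending[id]
        if not msg or msg.count ~= count then
            msg = { count = count, got = 0, parts = {} }
            pending[id] = msg
        end
        if not msg.parts[index] then            -- ignore duplicate fragments
            msg.parts[index] = tvb(HDR_LEN):bytes()
            msg.got = msg.got + 1
        end
        if msg.got == msg.count then            -- last piece: join in index order
            local whole = ByteArray.new()
            for i = 0, count - 1 do whole:append(msg.parts[i]) end
            done[pinfo.number] = whole
            pending[id] = nil
        end
    end
    local whole = done[pinfo.number]
    if whole then                                -- show result on the completing frame
        local big = ByteArray.tvb(whole, "Reassembled bigmsg")
        sub:add(big(), "Reassembled payload (" .. big:len() .. " bytes)")
    end
    return tvb:len()
end
DissectorTable.get("udp.port"):add(5000, bigmsg)
```

Messages that never complete stay in `pending` until the capture is reloaded; the 16-bit ID and `MAX_FRAGS` keep that table bounded.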