Ask Your Question

Revision history [back]

thre .register_heuristic can do this job.

-- heuristic_checker: determine which dissector to use
local function heuristic_checker(buffer, pinfo, tree)
    -- check length
    length = buffer:len()
    if length < 4 then return false end

    -- check something..

    if true then
        -- use my dissector
        MyProto.dissector(buffer, pinfo, tree)
        return true
    else 
        return false
    end
end

-- registe to udp
MyProto:register_heuristic('udp', heuristic_checker)

ref:
https://mika-s.github.io/wireshark/lua/dissector/2018/12/30/creating-port-independent-wireshark-dissectors-in-lua.html

thre .register_heuristic can do this job.

determine proto by custom logic, rather than port. 

-- heuristic_checker: determine which dissector to use
local function heuristic_checker(buffer, pinfo, tree)
    -- check length
    length = buffer:len()
    if length < 4 then return false end

    -- check something..

    if true then
        -- use my dissector
        MyProto.dissector(buffer, pinfo, tree)
        return true
    else 
        return false
    end
end

-- registe to udp
MyProto:register_heuristic('udp', heuristic_checker)

ref:
https://mika-s.github.io/wireshark/lua/dissector/2018/12/30/creating-port-independent-wireshark-dissectors-in-lua.html