Can you test the Lua script below by saving it to a .lua file in your Personal Lua Plugins folder?
Seems to be working with Webernetz Ultimate Pcap but would like a real world test.
It creates a new field called easypost.counter that starts at 0. (Code can be changed to start at 1 if needed.)
How Lua fits into Wireshark
(More Lua information in the WSDG)
```lua
-- EASYPOST.lua
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed

-- Step 1 - document as you go. See header above and set_plugin_info().
local easypost_info =
{
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer"
}

set_plugin_info(easypost_info)

-- Step 1a - local storage from stream frame counters
-- frame_counters: last counter value handed out, keyed by tcp.stream
-- frame_index:    counter assigned to each frame, keyed by frame number
local frame_counters = {}
local frame_index = {}

-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost", "Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = {
    payload = ProtoField.string("easypost.payload", "EASYPOST data"),
    counter = ProtoField.uint32("easypost.counter", "Frame counter")
}

easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
-- Declared local so it does not leak into the global Lua namespace.
local easypost_payload_f = Field.new("tcp.stream")

-- Step 5 - create the postdissector function that will run on each frame/packet
function easypost_p.dissector(tvb, pinfo, tree)
    local subtree = nil

    -- copy existing field(s) into table for processing
    local finfo = { easypost_payload_f() }

    if not subtree then
        subtree = tree:add(easypost_p)
    end

    -- Assign a counter only the first time a frame is seen, so the value
    -- stays stable when the frame is dissected again.
    if (#finfo > 0) and not frame_index[pinfo.number] then
        for _, v in pairs(finfo) do
            -- process data and add results to the tree
            if not frame_counters[v.display] then
                frame_counters[v.display] = 0
            else
                frame_counters[v.display] = frame_counters[v.display] + 1
            end
            frame_index[pinfo.number] = frame_counters[v.display]
        end
    end

    if frame_index[pinfo.number] then
        subtree:add(pf.counter, frame_index[pinfo.number])
    end
end

-- Step 6 - register the new protocol as a postdissector
register_postdissector(easypost_p)
```