
Revision history [back]

initial version

The starting point is EASYPOST.lua, found on the Wireshark wiki: https://wiki.wireshark.org/lua#examples
Use Help->About Wireshark:Folders to locate the Personal Lua Plugins folder, then save the code below to a .lua file in that folder.

-- EASYPOST.lua
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed

-- Step 1 - document as you go. See header above and set_plugin_info().
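local easypost_info =
{
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer"
}

set_plugin_info(easypost_info)

-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost", "Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = {
    rx_payload = ProtoField.bytes("easypost.rx_payload", "EASYPOST RX data"),
    tx_payload = ProtoField.bytes("easypost.tx_payload", "EASYPOST TX data"),
}

easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
-- Declared `local` so the extractors stay private to this script: Lua
-- scripts loaded by Wireshark share global state, and a bare assignment
-- could clash with a same-named global from another plugin.
-- Field.new() raises an error while the script loads if the named field
-- is not registered (e.g. a build without the ftdi-ft dissector).
local easypost_rx_payload_f = Field.new("ftdi-ft.if_a_rx_payload")
local easypost_tx_payload_f = Field.new("ftdi-ft.if_a_tx_payload")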

-- Step 5 - create the postdissector function that will run on each frame/packet
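function easypost_p.dissector(tvb,pinfo,tree)
    -- Postdissector body: mirrors the FTDI RX/TX payload fields of the
    -- current frame into an EASYPOST subtree. tvb and pinfo are unused.
    -- The subtree is created only when a payload field is present, so
    -- frames without FTDI data get no EASYPOST entry.
    local subtree = nil

    -- Collect every occurrence of the RX field in this frame.
    -- `local` keeps the scratch table out of the shared global namespace.
    local rx_infos = { easypost_rx_payload_f() }

    if #rx_infos > 0 then
        subtree = subtree or tree:add(easypost_p)
        -- ipairs visits the occurrences in the order the extractor returned them
        for _, info in ipairs(rx_infos) do
            -- info.range points at the captured bytes; nothing is decoded here.
            -- Any parsing added at this step should check info.range:len()
            -- first, since the payload comes straight from the capture.
            subtree:add(pf.rx_payload, info.range)
        end
    end

    -- Same handling for the TX field.
    local tx_infos = { easypost_tx_payload_f() }

    if #tx_infos > 0 then
        subtree = subtree or tree:add(easypost_p)
        for _, info in ipairs(tx_infos) do
            subtree:add(pf.tx_payload, info.range)
        end
    end
end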

-- Step 6 - register the new protocol as a postdissector.
-- The dissector function then runs on each frame/packet (see Step 5), so it
-- must cope with frames that carry neither FTDI payload field.
register_postdissector(easypost_p)

Frame 3003: 36 bytes on wire (288 bits), 36 bytes captured (288 bits) on interface \\.\USBPcap1, id 0
USB URB
FTDI FT USB
    Modem Status: 0x01, Full Speed 64 byte MAX packet
    Line Status: 0x00
        .... ..0. = Receive Overflow Error: False
        .... .0.. = Parity Error: False
        .... 0... = Framing Error: False
        ...0 .... = Break Received: False
        ..0. .... = Transmitter Holding Register Empty: False
        .0.. .... = Transmitter Empty: False
    A RX payload: 1f1f1f1f1f1f1f
Important EASYPOST Protocol
    EASYPOST RX data: 1f1f1f1f1f1f1f

The starting point is EASYPOST.lua, found on the Wireshark wiki: https://wiki.wireshark.org/lua#examples
Use Help->About Wireshark:Folders to locate the Personal Lua Plugins folder, then save the code below to a .lua file in that folder.

-- EASYPOST.lua
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed

-- Step 1 - document as you go. See header above and set_plugin_info().
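local easypost_info =
{
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer"
}

set_plugin_info(easypost_info)

-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost", "Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = {
    rx_payload = ProtoField.bytes("easypost.rx_payload", "EASYPOST RX data"),
    tx_payload = ProtoField.bytes("easypost.tx_payload", "EASYPOST TX data"),
}

easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
-- Declared `local` so the extractors stay private to this script: Lua
-- scripts loaded by Wireshark share global state, and a bare assignment
-- could clash with a same-named global from another plugin.
-- Field.new() raises an error while the script loads if the named field
-- is not registered (e.g. a build without the ftdi-ft dissector).
local easypost_rx_payload_f = Field.new("ftdi-ft.if_a_rx_payload")
local easypost_tx_payload_f = Field.new("ftdi-ft.if_a_tx_payload")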

-- Step 5 - create the postdissector function that will run on each frame/packet
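function easypost_p.dissector(tvb,pinfo,tree)
    -- Postdissector body: mirrors the FTDI RX/TX payload fields of the
    -- current frame into an EASYPOST subtree. tvb and pinfo are unused.
    -- The subtree is created only when a payload field is present, so
    -- frames without FTDI data get no EASYPOST entry.
    local subtree = nil

    -- Collect every occurrence of the RX field in this frame.
    -- `local` keeps the scratch table out of the shared global namespace.
    local rx_infos = { easypost_rx_payload_f() }

    if #rx_infos > 0 then
        subtree = subtree or tree:add(easypost_p)
        -- ipairs visits the occurrences in the order the extractor returned them
        for _, info in ipairs(rx_infos) do
            -- info.range points at the captured bytes; nothing is decoded here.
            -- Any parsing added at this step should check info.range:len()
            -- first, since the payload comes straight from the capture.
            subtree:add(pf.rx_payload, info.range)
        end
    end

    -- Same handling for the TX field.
    local tx_infos = { easypost_tx_payload_f() }

    if #tx_infos > 0 then
        subtree = subtree or tree:add(easypost_p)
        for _, info in ipairs(tx_infos) do
            subtree:add(pf.tx_payload, info.range)
        end
    end
end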

-- Step 6 - register the new protocol as a postdissector.
-- The dissector function then runs on each frame/packet (see Step 5), so it
-- must cope with frames that carry neither FTDI payload field.
register_postdissector(easypost_p)

Frame 3003: 36 bytes on wire (288 bits), 36 bytes captured (288 bits) on interface \\.\USBPcap1, id 0
USB URB
FTDI FT USB
    Modem Status: 0x01, Full Speed 64 byte MAX packet
    Line Status: 0x00
        .... ..0. = Receive Overflow Error: False
        .... .0.. = Parity Error: False
        .... 0... = Framing Error: False
        ...0 .... = Break Received: False
        ..0. .... = Transmitter Holding Register Empty: False
        .0.. .... = Transmitter Empty: False
    A RX payload: 1f1f1f1f1f1f1f
Important EASYPOST Protocol
    EASYPOST RX data: 1f1f1f1f1f1f1f

240416 Update: add screenshot for discussion in comments below.
image description

The starting point is EASYPOST.lua, found on the Wireshark wiki: https://wiki.wireshark.org/lua#examples
Use Help->About Wireshark:Folders to locate the Personal Lua Plugins folder, then save the code below to a .lua file in that folder.

-- EASYPOST.lua
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed

-- Step 1 - document as you go. See header above and set_plugin_info().
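local easypost_info =
{
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer"
}

set_plugin_info(easypost_info)

-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost", "Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = {
    rx_payload = ProtoField.bytes("easypost.rx_payload", "EASYPOST RX data"),
    tx_payload = ProtoField.bytes("easypost.tx_payload", "EASYPOST TX data"),
}

easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
-- Declared `local` so the extractors stay private to this script: Lua
-- scripts loaded by Wireshark share global state, and a bare assignment
-- could clash with a same-named global from another plugin.
-- Field.new() raises an error while the script loads if the named field
-- is not registered (e.g. a build without the ftdi-ft dissector).
local easypost_rx_payload_f = Field.new("ftdi-ft.if_a_rx_payload")
local easypost_tx_payload_f = Field.new("ftdi-ft.if_a_tx_payload")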

-- Step 5 - create the postdissector function that will run on each frame/packet
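function easypost_p.dissector(tvb,pinfo,tree)
    -- Postdissector body: mirrors the FTDI RX/TX payload fields of the
    -- current frame into an EASYPOST subtree. tvb and pinfo are unused.
    -- The subtree is created only when a payload field is present, so
    -- frames without FTDI data get no EASYPOST entry.
    local subtree = nil

    -- Collect every occurrence of the RX field in this frame.
    -- `local` keeps the scratch table out of the shared global namespace.
    local rx_infos = { easypost_rx_payload_f() }

    if #rx_infos > 0 then
        subtree = subtree or tree:add(easypost_p)
        -- ipairs visits the occurrences in the order the extractor returned them
        for _, info in ipairs(rx_infos) do
            -- info.range points at the captured bytes; nothing is decoded here.
            -- Any parsing added at this step should check info.range:len()
            -- first, since the payload comes straight from the capture.
            subtree:add(pf.rx_payload, info.range)
        end
    end

    -- Same handling for the TX field.
    local tx_infos = { easypost_tx_payload_f() }

    if #tx_infos > 0 then
        subtree = subtree or tree:add(easypost_p)
        for _, info in ipairs(tx_infos) do
            subtree:add(pf.tx_payload, info.range)
        end
    end
end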

-- Step 6 - register the new protocol as a postdissector.
-- The dissector function then runs on each frame/packet (see Step 5), so it
-- must cope with frames that carry neither FTDI payload field.
register_postdissector(easypost_p)

Frame 3003: 36 bytes on wire (288 bits), 36 bytes captured (288 bits) on interface \\.\USBPcap1, id 0
USB URB
FTDI FT USB
    Modem Status: 0x01, Full Speed 64 byte MAX packet
    Line Status: 0x00
        .... ..0. = Receive Overflow Error: False
        .... .0.. = Parity Error: False
        .... 0... = Framing Error: False
        ...0 .... = Break Received: False
        ..0. .... = Transmitter Holding Register Empty: False
        .0.. .... = Transmitter Empty: False
    A RX payload: 1f1f1f1f1f1f1f
Important EASYPOST Protocol
    EASYPOST RX data: 1f1f1f1f1f1f1f

240416 Update: add screenshot for discussion in comments below.
image description

The "TX data" column actually shows both TX and RX data: its field is set to `easypost.tx_payload or easypost.rx_payload`.