Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2024-04-22 12:39:47 +0000

Chuckc gravatar image

Can you use eth.type? (Wireshark dfref - Ethernet)

-- EASYPOST.lua
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed
-- 240422 - https://ask.wireshark.org/question/34350/multiple-ethertype-for-one-dissector/

-- Step 1 - document as you go. See header above and set_plugin_info().
local easypost_info =
{
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer"
}

set_plugin_info(easypost_info)

-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost","Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = { uint16data = ProtoField.uint16("easypost.uint16data", "EASYPOST uint16", base.HEX, nil) }

easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
easypost_ethtype_f = Field.new("eth.type")

-- Step 5 - create the postdissector function that will run on each frame/packet
function easypost_p.dissector(tvb,pinfo,tree)
    local subtree = nil

    -- copy existing field(s) into table for processing
    finfo = { easypost_ethtype_f() }

    if (#finfo > 0) then
        if not subtree then
            subtree = tree:add(easypost_p)
        end
        for k, v in pairs(finfo) do
            -- process data and add results to the tree
        subtree:add(pf.uint16data, v.range)
        end
    end
end

-- Step 6 - register the new protocol as a postdissector
register_postdissector(easypost_p)

Can you use eth.type? (Wireshark dfref - Ethernet)

-- EASYPOST.lua
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed
-- 240422 - https://ask.wireshark.org/question/34350/multiple-ethertype-for-one-dissector/

-- Step 1 - document as you go. See header above and set_plugin_info().
local easypost_info =
{
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer"
}

set_plugin_info(easypost_info)

-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost","Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = { uint16data = ProtoField.uint16("easypost.uint16data", "EASYPOST uint16", base.HEX, nil) }

easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
easypost_ethtype_f = Field.new("eth.type")

-- Step 5 - create the postdissector function that will run on each frame/packet
function easypost_p.dissector(tvb,pinfo,tree)
    local subtree = nil

    -- copy existing field(s) into table for processing
    finfo = { easypost_ethtype_f() }

    if (#finfo > 0) then
        if not subtree then
            subtree = tree:add(easypost_p)
        end
        for k, v in pairs(finfo) do
            -- process data and add results to the tree
         subtree:add(pf.uint16data, v.range)
        end
    end
end

-- Step 6 - register the new protocol as a postdissector
register_postdissector(easypost_p)