 | 1 | initial version |
It's not possible to extend an existing protocol (LUA script - Add a new Field in the Default TCP Dissector).
The sample captures on the Wireshark wiki Common Image Generator Interface (CIGI) page don't include any user defined fields.
Is the data available in cigi.data?
You could write a post-dissector (see EASYPOST.lua in the wiki lua examples) and create a new protocol that would show up underneath CIGI in the packet details.
Frame 639: 494 bytes on wire (3952 bits), 494 bytes captured (3952 bits)
Ethernet II, Src: SuperMicroCo_25:44:4a (00:30:48:25:44:4a), Dst: Dell_8b:38:31 (00:06:5b:8b:38:31)
Internet Protocol Version 4, Src: 130.38.180.250 (130.38.180.250), Dst: 130.38.180.254 (130.38.180.254)
User Datagram Protocol, Src Port: 32775, Dst Port: 8004
Common Image Generator Interface (2), 130.38.180.250 => 130.38.180.254 (452 bytes)
Important EASYPOST Protocol