THERE IS NO ERROR CHECKING in this. Buyer beware!!!
There are a few more fields to be done.
With the existing sample capture being mostly "0" and the ff
failed flag it's hard to test the field results in the tree.
Should Beacon Type be an int8, since the valid values include -1?
```
Frame 814: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_Loopback, id 0
Null/Loopback
Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 1035, Dst Port: 1034
Common Image Generator Interface (3), 127.0.0.1 => 127.0.0.1 (72 bytes)
    IG Control (24 bytes)
    User-Defined Data (48 bytes)
        Packet ID: User-Defined Data (201)
        Packet Size (bytes): 48
        Data: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000
CIGI Data Protocol
    Instance ID: 0
    Mode: 0
    Mode Secondary: 0
    Autostabilization: 0
    Autotilt: 0
    Gain (dBs): 0
    Gain Secondary (dBs): 0
    Scan Range (meters): 0
    Beacon Type: 255
    CIGI data: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000
```
```lua
-- cigidata.lua
-- https://ask.wireshark.org/question/35173/how-to-add-cigis-user-defined-packet-at-wireshark-using-lua-script/
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed

-- Step 1 - document as you go. See header above and set_plugin_info().
local cigidata_info =
{
    version = "1.0.0",
    author = "Good Coder",
    description = "CIGI data",
    repository = "Floppy in top drawer"
}

set_plugin_info(cigidata_info)

-- Step 2 - create a protocol to attach new fields to
local cigidata_p = Proto.new("cigidata","CIGI Data Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = {
    instance_id       = ProtoField.uint16("cigidata.instance_id", "Instance ID"),
    mode              = ProtoField.uint8( "cigidata.mode", "Mode"),
    mode_secondary    = ProtoField.uint8( "cigidata.mode_secondary", "Mode Secondary"),
    autostabilization = ProtoField.uint8( "cigidata.autostabilization", "Autostabilization"),
    autotilt          = ProtoField.uint8( "cigidata.autotilt", "Autotilt"),
    gain              = ProtoField.float( "cigidata.gain", "Gain (dBs)"),
    gain_secondary    = ProtoField.float( "cigidata.gain_secondary", "Gain Secondary (dBs)"),
    scan_range        = ProtoField.float( "cigidata.scan_range", "Scan Range (meters)"),
    beacon_type       = ProtoField.uint8( "cigidata.beacon_type", "Beacon Type"),
    payload           = ProtoField.bytes( "cigidata.payload", "CIGI data")
}

cigidata_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
local cigidata_payload_f = Field.new("cigi.data")

-- Step 5 - create the postdissector function that will run on each frame/packet
function cigidata_p.dissector(tvb,pinfo,tree)
    local subtree = nil

    -- copy existing field(s) into table for processing
    local finfo = { cigidata_payload_f() }

    if (#finfo > 0) then
        if not subtree then
            subtree = tree:add(cigidata_p)
        end
        for _, v in pairs(finfo) do
            -- process data and add results to the tree
            -- local field_data = string.format("%s", v):upper()
            -- v.range is the TvbRange of cigi.data; offsets below are relative to its start
            subtree:add(pf.instance_id,      v.range(0,2))
            subtree:add(pf.mode,             v.range(2,1))
            subtree:add(pf.mode_secondary,   v.range(3,1))
            subtree:add(pf.autostabilization,v.range(4,1))
            subtree:add(pf.autotilt,         v.range(5,1))
            subtree:add(pf.gain,             v.range(6,4))
            subtree:add(pf.gain_secondary,   v.range(10,4))
            subtree:add(pf.scan_range,       v.range(14,4))
            subtree:add(pf.beacon_type,      v.range(42,1))
            subtree:add(pf.payload,          v.range)
        end
    end
end

-- Step 6 - register the new protocol as a postdissector
register_postdissector(cigidata_p)
```
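An added example, not part of the original answer: a variant of the script above that checks the `cigi.data` length before reading each field and flags a short payload with an expert info item instead of failing on an out-of-range read. The protocol name `cigidata_chk`, the expert field name and the use of `ProtoField.int8` for Beacon Type are assumptions of this example; the offsets are the ones used above.

```lua
-- Added example, not the original answer's code. Names prefixed "cigidata_chk" are assumptions.
local p = Proto.new("cigidata_chk", "CIGI Data Protocol (checked)")

-- Layout from the script above: key, label, ProtoField constructor, offset, length.
local layout = {
    { "instance_id",       "Instance ID",          ProtoField.uint16,  0, 2 },
    { "mode",              "Mode",                 ProtoField.uint8,   2, 1 },
    { "mode_secondary",    "Mode Secondary",       ProtoField.uint8,   3, 1 },
    { "autostabilization", "Autostabilization",    ProtoField.uint8,   4, 1 },
    { "autotilt",          "Autotilt",             ProtoField.uint8,   5, 1 },
    { "gain",              "Gain (dBs)",           ProtoField.float,   6, 4 },
    { "gain_secondary",    "Gain Secondary (dBs)", ProtoField.float,  10, 4 },
    { "scan_range",        "Scan Range (meters)",  ProtoField.float,  14, 4 },
    { "beacon_type",       "Beacon Type",          ProtoField.int8,   42, 1 },  -- signed: 0xff shows as -1
}

-- Build the ProtoFields from the layout table and register them.
local fields = {}
for _, e in ipairs(layout) do
    e.field = e[3]("cigidata_chk." .. e[1], e[2])
    fields[#fields + 1] = e.field
end
p.fields = fields

-- Expert info raised when the payload ends before a field does.
local ef_short = ProtoExpert.new("cigidata_chk.too_short", "CIGI user data too short",
                                 expert.group.MALFORMED, expert.severity.ERROR)
p.experts = { ef_short }
local cigi_data_f = Field.new("cigi.data")

function p.dissector(tvb, pinfo, tree)
    for _, fi in ipairs({ cigi_data_f() }) do
        local range = fi.range
        local subtree = tree:add(p, range)
        for _, e in ipairs(layout) do
            local offset, length = e[4], e[5]
            if offset + length > range:len() then
                -- Stop at the first field that does not fit; later offsets cannot fit either.
                subtree:add_proto_expert_info(ef_short, string.format(
                    "%s needs %d byte(s) at offset %d, payload is %d bytes",
                    e[2], length, offset, range:len()))
                break
            end
            subtree:add(e.field, range(offset, length))
        end
    end
end
register_postdissector(p)
```

Short payloads can then be found with the display filter `cigidata_chk.too_short`.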