| 1 | initial version |
You could use a Lua script to create a new field and format the data as needed.
(See example: How to change the info column in a protobuf dissector.)
-- EASYPOST.lua
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed
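-- Step 1 - document as you go. See header above and set_plugin_info().
-- The metadata table is handed to set_plugin_info() so the script identifies
-- itself (version, author, description, repository).
local easypost_info = {
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer",
}
set_plugin_info(easypost_info)

-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost", "Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = { payload = ProtoField.string("easypost.payload", "EASYPOST data") }
easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
-- Declared local: a bare assignment would create a global that every other
-- Lua script loaded into the same Wireshark session could read or overwrite.
-- The dissector defined later in this file still sees it as an upvalue.
-- local easypost_payload_f = Field.new("frame.protocols")
local easypost_payload_f = Field.new("synphasor.phasor")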
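-- Step 5 - create the postdissector function that will run on each frame/packet
--- Copy every value returned by the easypost_payload_f extractor into the
-- easypost subtree, with the leading "<text>, " prefix removed.
-- @param tvb   packet buffer (not read here)
-- @param pinfo packet info (not read here)
-- @param tree  protocol tree the easypost subtree is attached to
function easypost_p.dissector(tvb, pinfo, tree)
    -- copy existing field(s) into table for processing; an empty table means
    -- the extracted field does not occur in this frame
    local finfo = { easypost_payload_f() }
    if #finfo == 0 then
        return
    end

    local subtree = tree:add(easypost_p)

    -- ipairs walks the values in the order the extractor returned them;
    -- pairs() gives no ordering guarantee.
    for _, v in ipairs(finfo) do
        -- process data and add results to the tree
        -- v.display is text derived from captured traffic, so treat it as
        -- untrusted: it is only trimmed with a fixed pattern and stored as a
        -- string field, never used as a pattern or command itself.
        -- The pattern drops everything up to the first comma plus the spaces
        -- after it; the outer parentheses discard gsub's replacement count.
        local field_display = (string.gsub(v.display, "^[^,]+,[ ]+", ""))
        subtree:add(pf.payload, field_display)
    end
end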
-- Step 6 - register the new protocol as a postdissector
-- The second argument (allfields = true) asks Wireshark to generate all
-- fields for every frame, so the Field extractor has data to read even when
-- nothing else requests that field; this costs dissection time on large captures.
register_postdissector(easypost_p, true)
Using the sample file mentioned above. (Profile specified to get needed DLT config info.)
C:\>"c:\Program Files\Wireshark\tshark.exe" -C 250408_missing_experts -r 351S_synphasor_serial.pcap -V -Y frame.number==651 -T fields -e easypost.payload -E aggregator="|"
11.270A ∠-26.053° alt 10.125+j -4.950A; unscaled: 45, -22|4.528A ∠-26.565° alt 4.050+j -2.025A; unscaled: 18, -9|4.227A ∠-25.201° alt 3.825+j -1.800A; unscaled: 17, -8|1.677A ∠-26.565° alt 1.500+j -0.750A; unscaled: 20, -10|5.909V ∠-23.962° alt 5.400+j -2.400V; unscaled: 9, -4|7.250V ∠-24.444° alt 6.600+j -3.000V; unscaled: 11, -5|7.250V ∠-24.444° alt 6.600+j -3.000V; unscaled: 11, -5|7.250V ∠-24.444° alt 6.600+j -3.000V; unscaled: 11, -5|2.216A ∠-23.962° alt 2.025+j -0.900A; unscaled: 9, -4|0.000V ∠ 0.000° alt 0.000+j 0.000V; unscaled: 0, 0
The string.gsub() above deletes the text up to and including the first comma, plus the spaces that follow it.
To also strip the remainder (from the ; onward), it might be easier to read as two steps:
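-- process data and add results to the tree
-- First pass: drop everything up to the first comma plus the spaces after it.
-- `local` keeps the scratch value out of the global environment.
local field_display = string.gsub(v.display, "^[^,]+,[ ]+", "")
-- Second pass: drop the first ";" and everything after it. ".*" (rather than
-- ".+") also removes a ";" that is the last character of the string.
field_display = string.gsub(field_display, ";.*$", "")
subtree:add(pf.payload, field_display)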
C:\>"c:\Program Files\Wireshark\tshark.exe" -C 250408_missing_experts -r 351S_synphasor_serial.pcap -V -Y frame.number==651 -T fields -e easypost.payload -E aggregator="|"
11.270A ∠-26.053° alt 10.125+j -4.950A|4.528A ∠-26.565° alt 4.050+j -2.025A|4.227A ∠-25.201° alt 3.825+j -1.800A|1.677A ∠-26.565° alt 1.500+j -0.750A|5.909V ∠-23.962° alt 5.400+j -2.400V|7.250V ∠-24.444° alt 6.600+j -3.000V|7.250V ∠-24.444° alt 6.600+j -3.000V|7.250V ∠-24.444° alt 6.600+j -3.000V|2.216A ∠-23.962° alt 2.025+j -0.900A|0.000V ∠ 0.000° alt 0.000+j 0.000V
| 2 | No.2 Revision |
You could use a Lua script to create a new field and format the data as needed.
(See example: How to change the info column in a protobuf dissector.)
-- EASYPOST.lua
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed
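-- Step 1 - document as you go. See header above and set_plugin_info().
-- The metadata table is handed to set_plugin_info() so the script identifies
-- itself (version, author, description, repository).
local easypost_info = {
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer",
}
set_plugin_info(easypost_info)

-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost", "Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = { payload = ProtoField.string("easypost.payload", "EASYPOST data") }
easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
-- Declared local: a bare assignment would create a global that every other
-- Lua script loaded into the same Wireshark session could read or overwrite.
-- The dissector defined later in this file still sees it as an upvalue.
-- local easypost_payload_f = Field.new("frame.protocols")
local easypost_payload_f = Field.new("synphasor.phasor")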
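-- Step 5 - create the postdissector function that will run on each frame/packet
--- Copy every value returned by the easypost_payload_f extractor into the
-- easypost subtree, with the leading "<text>, " prefix removed.
-- @param tvb   packet buffer (not read here)
-- @param pinfo packet info (not read here)
-- @param tree  protocol tree the easypost subtree is attached to
function easypost_p.dissector(tvb, pinfo, tree)
    -- copy existing field(s) into table for processing; an empty table means
    -- the extracted field does not occur in this frame
    local finfo = { easypost_payload_f() }
    if #finfo == 0 then
        return
    end

    local subtree = tree:add(easypost_p)

    -- ipairs walks the values in the order the extractor returned them;
    -- pairs() gives no ordering guarantee.
    for _, v in ipairs(finfo) do
        -- process data and add results to the tree
        -- v.display is text derived from captured traffic, so treat it as
        -- untrusted: it is only trimmed with a fixed pattern and stored as a
        -- string field, never used as a pattern or command itself.
        -- The pattern drops everything up to the first comma plus the spaces
        -- after it; the outer parentheses discard gsub's replacement count.
        local field_display = (string.gsub(v.display, "^[^,]+,[ ]+", ""))
        subtree:add(pf.payload, field_display)
    end
end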
-- Step 6 - register the new protocol as a postdissector
-- The second argument (allfields = true) asks Wireshark to generate all
-- fields for every frame, so the Field extractor has data to read even when
-- nothing else requests that field; this costs dissection time on large captures.
register_postdissector(easypost_p, true)
Using the sample file mentioned above. (Profile specified to get needed DLT config info.)
C:\>"c:\Program Files\Wireshark\tshark.exe" -C 250408_missing_experts -r 351S_synphasor_serial.pcap -V -Y frame.number==651 -T fields -e easypost.payload -E aggregator="|"
11.270A ∠-26.053° alt 10.125+j -4.950A; unscaled: 45, -22|4.528A ∠-26.565° alt 4.050+j -2.025A; unscaled: 18, -9|4.227A ∠-25.201° alt 3.825+j -1.800A; unscaled: 17, -8|1.677A ∠-26.565° alt 1.500+j -0.750A; unscaled: 20, -10|5.909V ∠-23.962° alt 5.400+j -2.400V; unscaled: 9, -4|7.250V ∠-24.444° alt 6.600+j -3.000V; unscaled: 11, -5|7.250V ∠-24.444° alt 6.600+j -3.000V; unscaled: 11, -5|7.250V ∠-24.444° alt 6.600+j -3.000V; unscaled: 11, -5|2.216A ∠-23.962° alt 2.025+j -0.900A; unscaled: 9, -4|0.000V ∠ 0.000° alt 0.000+j 0.000V; unscaled: 0, 0
The string.gsub() above deletes the text up to and including the first comma, plus the spaces that follow it.
To also strip the remainder (from the ; onward), it might be easier to read as two steps:
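-- process data and add results to the tree
-- First pass: drop everything up to the first comma plus the spaces after it.
-- `local` keeps the scratch value out of the global environment.
local field_display = string.gsub(v.display, "^[^,]+,[ ]+", "")
-- Second pass: drop the first ";" and everything after it. ".*" (rather than
-- ".+") also removes a ";" that is the last character of the string.
field_display = string.gsub(field_display, ";.*$", "")
subtree:add(pf.payload, field_display)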
C:\>"c:\Program Files\Wireshark\tshark.exe" -C 250408_missing_experts -r 351S_synphasor_serial.pcap -V -Y frame.number==651 -T fields -e easypost.payload -E aggregator="|"
11.270A ∠-26.053° alt 10.125+j -4.950A|4.528A ∠-26.565° alt 4.050+j -2.025A|4.227A ∠-25.201° alt 3.825+j -1.800A|1.677A ∠-26.565° alt 1.500+j -0.750A|5.909V ∠-23.962° alt 5.400+j -2.400V|7.250V ∠-24.444° alt 6.600+j -3.000V|7.250V ∠-24.444° alt 6.600+j -3.000V|7.250V ∠-24.444° alt 6.600+j -3.000V|2.216A ∠-23.962° alt 2.025+j -0.900A|0.000V ∠ 0.000° alt 0.000+j 0.000V
| 3 | No.3 Revision |
You could use a Lua script to create a new field and format the data as needed.
(See example: How to change the info column in a protobuf dissector.)
-- EASYPOST.lua
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed
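-- Step 1 - document as you go. See header above and set_plugin_info().
-- The metadata table is handed to set_plugin_info() so the script identifies
-- itself (version, author, description, repository).
local easypost_info = {
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer",
}
set_plugin_info(easypost_info)

-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost", "Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = { payload = ProtoField.string("easypost.payload", "EASYPOST data") }
easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
-- Declared local: a bare assignment would create a global that every other
-- Lua script loaded into the same Wireshark session could read or overwrite.
-- The dissector defined later in this file still sees it as an upvalue.
-- local easypost_payload_f = Field.new("frame.protocols")
local easypost_payload_f = Field.new("synphasor.phasor")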
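-- Step 5 - create the postdissector function that will run on each frame/packet
--- Copy every value returned by the easypost_payload_f extractor into the
-- easypost subtree, with the leading "<text>, " prefix removed.
-- @param tvb   packet buffer (not read here)
-- @param pinfo packet info (not read here)
-- @param tree  protocol tree the easypost subtree is attached to
function easypost_p.dissector(tvb, pinfo, tree)
    -- copy existing field(s) into table for processing; an empty table means
    -- the extracted field does not occur in this frame
    local finfo = { easypost_payload_f() }
    if #finfo == 0 then
        return
    end

    local subtree = tree:add(easypost_p)

    -- ipairs walks the values in the order the extractor returned them;
    -- pairs() gives no ordering guarantee.
    for _, v in ipairs(finfo) do
        -- process data and add results to the tree
        -- v.display is text derived from captured traffic, so treat it as
        -- untrusted: it is only trimmed with a fixed pattern and stored as a
        -- string field, never used as a pattern or command itself.
        -- The pattern drops everything up to the first comma plus the spaces
        -- after it; the outer parentheses discard gsub's replacement count.
        local field_display = (string.gsub(v.display, "^[^,]+,[ ]+", ""))
        subtree:add(pf.payload, field_display)
    end
end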
-- Step 6 - register the new protocol as a postdissector
-- The second argument (allfields = true) asks Wireshark to generate all
-- fields for every frame, so the Field extractor has data to read even when
-- nothing else requests that field; this costs dissection time on large captures.
register_postdissector(easypost_p, true)
Using the sample file mentioned above. (Profile specified to get needed DLT config info.)
C:\>"c:\Program Files\Wireshark\tshark.exe" -C 250408_missing_experts -r 351S_synphasor_serial.pcap -V -Y frame.number==651 -T fields -e easypost.payload -E aggregator="|"
11.270A ∠-26.053° alt 10.125+j -4.950A; unscaled: 45, -22|4.528A ∠-26.565° alt 4.050+j -2.025A; unscaled: 18, -9|4.227A ∠-25.201° alt 3.825+j -1.800A; unscaled: 17, -8|1.677A ∠-26.565° alt 1.500+j -0.750A; unscaled: 20, -10|5.909V ∠-23.962° alt 5.400+j -2.400V; unscaled: 9, -4|7.250V ∠-24.444° alt 6.600+j -3.000V; unscaled: 11, -5|7.250V ∠-24.444° alt 6.600+j -3.000V; unscaled: 11, -5|7.250V ∠-24.444° alt 6.600+j -3.000V; unscaled: 11, -5|2.216A ∠-23.962° alt 2.025+j -0.900A; unscaled: 9, -4|0.000V ∠ 0.000° alt 0.000+j 0.000V; unscaled: 0, 0
The string.gsub() above deletes the text up to and including the first comma, plus the spaces that follow it.
To also strip the remainder (from the ; onward), it might be easier to read as two steps:
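-- process data and add results to the tree
-- First pass: drop everything up to the first comma plus the spaces after it.
-- `local` keeps the scratch value out of the global environment.
local field_display = string.gsub(v.display, "^[^,]+,[ ]+", "")
-- Second pass: drop the first ";" and everything after it. ".*" (rather than
-- ".+") also removes a ";" that is the last character of the string.
field_display = string.gsub(field_display, ";.*$", "")
subtree:add(pf.payload, field_display)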
C:\>"c:\Program Files\Wireshark\tshark.exe" -C 250408_missing_experts -r 351S_synphasor_serial.pcap -V -Y frame.number==651 -T fields -e easypost.payload -E aggregator="|"
11.270A ∠-26.053° alt 10.125+j -4.950A|4.528A ∠-26.565° alt 4.050+j -2.025A|4.227A ∠-25.201° alt 3.825+j -1.800A|1.677A ∠-26.565° alt 1.500+j -0.750A|5.909V ∠-23.962° alt 5.400+j -2.400V|7.250V ∠-24.444° alt 6.600+j -3.000V|7.250V ∠-24.444° alt 6.600+j -3.000V|7.250V ∠-24.444° alt 6.600+j -3.000V|2.216A ∠-23.962° alt 2.025+j -0.900A|0.000V ∠ 0.000° alt 0.000+j 0.000V