Update broke dissector

asked 2021-02-22 21:21:33 +0000

I am using a custom Lua dissector on UDP packets. I recently updated from Wireshark 3.0 to 3.4 and found that while the dissection works fine when viewing in Wireshark, when I try to read the packet in pyshark and dissect it with the dissector, it does not dissect properly and the packet object does not contain the dissected layer.

pyshark gives me the error: KeyError: 'Layer does not exist in packet'

By testing different versions of my code, pyshark, the dissector, and Wireshark, I have determined that the problem must be from a change in Wireshark 3.2 that pyshark doesn't like for some reason, but I have not been able to determine the cause or a fix.

If anyone has any ideas that would be great, thanks!


Comments

pyshark "uses tshark's (wireshark command-line utility) ability to export XMLs"
Have you tested with tshark and compared the outputs of working and not working versions?

Chuckc ( 2021-02-23 05:42:55 +0000 )

Also note that there is no guaranteed dissector compatibility between major versions (e.g. 3.0 -> 3.2 -> 3.4). While this is most important for C based dissectors, the same also holds true for Lua.

grahamb ( 2021-02-23 08:16:29 +0000 )
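
The comparison suggested in the first comment, as an added example that is not part of the original thread: it parses tshark's PDML (XML) export from two Wireshark versions and reports which protocol layers disappeared per packet. The PDML samples are constructed and simplified, and `myproto` is a hypothetical dissector name.

```python
import xml.etree.ElementTree as ET
from itertools import zip_longest

# Constructed, simplified PDML standing in for the output of
#   tshark -r <capture> -X lua_script:<dissector.lua> -T pdml
# captured once per Wireshark version. "myproto" is a hypothetical layer name.
PDML_OLD = """<pdml>
  <packet>
    <proto name="frame"/><proto name="eth"/><proto name="ip"/><proto name="udp"/>
    <proto name="myproto"><field name="myproto.id" show="7"/></proto>
  </packet>
  <packet>
    <proto name="frame"/><proto name="eth"/><proto name="arp"/>
  </packet>
</pdml>"""

PDML_NEW = """<pdml>
  <packet>
    <proto name="frame"/><proto name="eth"/><proto name="ip"/><proto name="udp"/>
  </packet>
  <packet>
    <proto name="frame"/><proto name="eth"/><proto name="arp"/>
  </packet>
</pdml>"""


def layers_per_packet(pdml_text):
    """Return, for each <packet>, the ordered list of top-level <proto> names."""
    root = ET.fromstring(pdml_text)
    return [[p.get("name") for p in pkt.findall("proto")]
            for pkt in root.iter("packet")]


def compare(old_pdml, new_pdml):
    """Return (packet_index, lost, gained) for every packet whose layers differ."""
    diffs = []
    old, new = layers_per_packet(old_pdml), layers_per_packet(new_pdml)
    # zip_longest so a packet present in only one export is also reported
    for i, (o, n) in enumerate(zip_longest(old, new, fillvalue=[])):
        lost = [name for name in o if name not in n]
        gained = [name for name in n if name not in o]
        if lost or gained:
            diffs.append((i, lost, gained))
    return diffs


if __name__ == "__main__":
    for index, lost, gained in compare(PDML_OLD, PDML_NEW):
        print(f"packet {index}: lost {lost}, gained {gained}")
```

A layer that shows up as lost in the newer export means the dissector is not being applied by tshark itself, so the problem lies upstream of pyshark.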