Testing Lua Dissectors [closed]
Hello Wireshark users,
What I am about to post is not really a question but more of a request for help. (I hope this is not against the rule of this forum). So far my workflow when writing a new dissector has been the following:
- Write a draft
- Open a capture in Wireshark and see if it works
- Fix the issues in the script
- Close Wireshark
- Go back to 2.
Obviously, this is pretty painful. I am aware that you can debug your code while running Wireshark. However, I feel like opening and closing Wireshark over and over again to reload the dissector is still a pain. This is why I have been working on Wirebait over the past few weeks. It is a small Lua library which enables you to run/debug your dissectors on the fly without the need for Wireshark. You can use a .pcap file or a made up hexadecimal string to feed your dissector.
I am now using Wirebait to test my dissectors as I am writing them, but I would like to get feedback from other Wireshark users. I would be looking to answer the following questions:
- Does it even work with your dissectors and setup?
- Are there ways to make it more useful?
Getting started is really quick, you download the wirebait.lua file in your Lua path, add a code snippet at the top of your dissector file, and now you can run your dissector directly (without Wireshark). I would appreciate any form of feedback/contribution.
Thanks!
I would recommend posting this to the wireshark-dev mailing list (and possibly even to the wireshark-users mailing list as well). I would be willing to bet that more people will see it on the mailing list than here, and it's probably a better place to discuss it than the Q&A site anyway.
Small world it seems :), and again very helpful information. I agree with you this is not the right place, I simply wasn't aware of that mailing list. I'll take your advice and try emailing the devs. I should probably take down that question as well.