Related packet symbols in Lua dissector

asked May 21 '1

Glupsch21
3 ●2 ●4 ●5

updated May 21 '1

cmaynard

11115 ●12 ●321 ●166 https://www.igt.com/

Hi, I am developing a dissector in Lua for our own protocol. I was wondering if it is possible to tell Wireshark which packets are related to which in a Lua dissector, so that it marks them with the different related packet symbols. For example, signal that a packet is a request and another one is a response or something like that. Is that possible?

I am thinking about the packet symbols as shown here: https://www.wireshark.org/docs/wsug_h...

Thank you

add a comment

3 Answers

Sort by » oldest newest most voted

answered May 21 '1

cmaynard

11115 ●12 ●321 ●166 https://www.igt.com/

As far as I'm aware, this isn't possible yet, but Issue 15396 - Add Lua support for tracking conversations. is tracking it.

link

add a comment

answered May 21 '1

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23850 ●4 ●988 ●227 https://www.wireshark.org

For C-based dissectors, track the requests and responses (usually via conversations which I don't know how to do in Lua), and then add fields to the tree to say how the current frame is tied to the other, e.g.

For the request, add a field indicating the response is in frame x with the field type set to FT_FRAMENUM, and the FRAME_NUM type set to T_FRAMENUM_RESPONSE
For the response, add a field indicating the request is in frame x with the field type set to FT_FRAMENUM, and the FRAME_NUM type set to T_FRAMENUM_REQUEST

Some details are in README.request_response_tracking.

For Lua, create the ProtoField with type ftypes.FRAMENUM and the value string one of frametype.REQUEST or frametype.RESPONSE, see here for more info on the Protofield options