Ask Your Question
0

Related packet symbols in Lua dissector

asked 2021-05-21 07:02:08 +0000

Glupsch21 gravatar image

updated 2021-05-21 14:25:45 +0000

cmaynard gravatar image

Hi, I am developing a dissector in Lua for our own protocol. I was wondering if it is possible to tell Wireshark which packets are related to which in a Lua dissector, so that it marks them with the different related packet symbols. For example, signal that a packet is a request and another one is a response or something like that. Is that possible?

I am thinking about the packet symbols as shown here: https://www.wireshark.org/docs/wsug_h...

Thank you

edit retag flag offensive close merge delete
add a comment

3 Answers

Sort by ยป oldest newest most voted
0

answered 2021-05-21 14:24:43 +0000

cmaynard gravatar image

As far as I'm aware, this isn't possible yet, but Issue 15396 - Add Lua support for tracking conversations. is tracking it.

edit flag offensive delete link more
add a comment
0

answered 2021-05-21 09:44:47 +0000

grahamb gravatar image

For C-based dissectors, track the requests and responses (usually via conversations which I don't know how to do in Lua), and then add fields to the tree to say how the current frame is tied to the other, e.g.

  • For the request, add a field indicating the response is in frame x with the field type set to FT_FRAMENUM, and the FRAME_NUM type set to T_FRAMENUM_RESPONSE
  • For the response, add a field indicating the request is in frame x with the field type set to FT_FRAMENUM, and the FRAME_NUM type set to T_FRAMENUM_REQUEST

Some details are in README.request_response_tracking.

For Lua, create the ProtoField with type ftypes.FRAMENUM and the value string one of frametype.REQUEST or frametype.RESPONSE, see here for more info on the Protofield options

edit flag offensive delete link more
add a comment
0

answered 2021-05-21 09:09:33 +0000

Roddyp gravatar image

I haven't tried this, but ProtoField.framenum() is probably a good place to start.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2021-05-21 07:02:08 +0000

Seen: 666 times

Last updated: May 21 '21

Related questions

how to invert two bytes in lua script dissector ?

Adjusting Bit order and Endianess in LUA between Dissectors

Reuse (part of) a Wireshark Dissector

How do I dissect multiple packets?

Use UDS dissector inside DoIP dissector

How do I use the fragment_add_seq_check function in UDP packet reassembly?

Is it possible to use reassembly on non-split packets?

How do I dissect packets if the dissection depends on information from earlier packets?

How to register LUA dissectors without GUI

Little Endian for "Proto_Tree_Add_Bits" Function

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2