How does Wireshark analyze some unknown or proprietary protocol?(not by installing the latest version of Wireshark ) I heard that Wireshark has some API interface to extend its ability to analyze unknown or latest protocols?
thanks in advance .
If none of the dissectors in the Wireshark instance (built-in, plugins or Lua based) can dissect the traffic, the "data" dissector is called as a last resort which just shows the traffic has hex bytes.
To add dissection for a new or "unknown" (it must be "known" to write a dissector) protocol requires a new dissector to be written. See the Wireshark Developers Guide for information on how to do that.
I think the extension OP refers to is the Lua API. If that's the case then yes, Wireshark has to capability to have its dissection engine extended with code written in Lua. That code would then have to take care of dissection of the unknown protocol. Another option is to write a dissector in C, build that as a plugin and add that to the Wireshark installation. Of course that comes with target compilers, etc, while Lua scripts are quite portable.
Asked: 2022-03-01 09:26:16 +0000
Seen: 609 times
Last updated: Mar 01 '22
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
