
How does Wireshark analyze some unknown or proprietary protocol?

asked 2022-03-01 09:26:16 +0000

bianmingkai

How does Wireshark analyze some unknown or proprietary protocol (not by installing the latest version of Wireshark)? I heard that Wireshark has some API interface to extend its ability to analyze unknown or latest protocols?
Thanks in advance.


1 Answer


answered 2022-03-01 09:38:38 +0000

grahamb

If none of the dissectors in the Wireshark instance (built-in, plugins or Lua based) can dissect the traffic, the "data" dissector is called as a last resort, which just shows the traffic as hex bytes.

Adding dissection for a new or "unknown" (it must be "known" to write a dissector) protocol requires a new dissector to be written. See the Wireshark Developers Guide for information on how to do that.



I think the extension OP refers to is the Lua API. If that's the case then yes, Wireshark has the capability to have its dissection engine extended with code written in Lua. That code would then have to take care of dissection of the unknown protocol. Another option is to write a dissector in C, build that as a plugin and add that to the Wireshark installation. Of course that comes with target compilers, etc., while Lua scripts are quite portable.

Jaap ( 2022-03-01 12:29:28 +0000 )
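A Lua dissector of the kind discussed in the answer and comment above, as an added example that is not part of the original posts or of Wireshark's own code. The protocol "ACME", its 4-byte header layout, its message types and UDP port 47000 are all assumptions constructed for illustration.

```lua
-- Added example: dissector for a hypothetical protocol "ACME" (not a real protocol).
-- Assumed wire format, constructed for illustration:
--   byte 0     version
--   byte 1     message type
--   bytes 2-3  payload length (big-endian)
--   bytes 4..  payload
local acme = Proto("acme", "ACME Example Protocol")

local msg_types = { [1] = "Hello", [2] = "Data", [3] = "Bye" }

local f_version = ProtoField.uint8("acme.version", "Version", base.DEC)
local f_type    = ProtoField.uint8("acme.type", "Message Type", base.DEC, msg_types)
local f_length  = ProtoField.uint16("acme.length", "Payload Length", base.DEC)
local f_payload = ProtoField.bytes("acme.payload", "Payload")
acme.fields = { f_version, f_type, f_length, f_payload }

-- Expert info so a bad length field is flagged instead of silently trusted.
local e_badlen = ProtoExpert.new("acme.length.invalid",
    "Declared length exceeds captured data",
    expert.group.MALFORMED, expert.severity.ERROR)
acme.experts = { e_badlen }

local HEADER_LEN = 4

function acme.dissector(tvb, pinfo, tree)
    -- Too short to hold a header: return 0 to tell Wireshark this is not ACME.
    if tvb:len() < HEADER_LEN then return 0 end

    pinfo.cols.protocol = "ACME"
    local subtree = tree:add(acme, tvb(), "ACME Example Protocol")
    subtree:add(f_version, tvb(0, 1))
    subtree:add(f_type, tvb(1, 1))
    local len_item = subtree:add(f_length, tvb(2, 2))

    local declared  = tvb(2, 2):uint()
    local available = tvb:len() - HEADER_LEN
    if declared > available then
        -- Never read past the buffer: clamp and mark the packet as malformed.
        len_item:add_proto_expert_info(e_badlen)
        declared = available
    end
    if declared > 0 then
        subtree:add(f_payload, tvb(HEADER_LEN, declared))
    end
    pinfo.cols.info:set(msg_types[tvb(1, 1):uint()] or "Unknown message type")
    return HEADER_LEN + declared
end

-- Port 47000 is an assumption; register the port the protocol actually uses.
DissectorTable.get("udp.port"):add(47000, acme)
```

Saved as a `.lua` file in the personal Lua plugins folder (listed under Help > About Wireshark > Folders), the script is loaded at startup and its fields become usable in display filters such as `acme.type == 2`.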


Last updated: Mar 01 '22