Ask Your Question

Multiple ethertype for one dissector

asked 2024-04-22 09:02:22 +0000

Steve@ gravatar image


I am new to lua dissector. I wrote one that works great.

However, several ethertype use the same dissector.

ether_table = DissectorTable.get("ethertype")

ether_table:add(0x1234, my_dissector)

ether_table:add(0x1235, my_dissector)

ether_table:add(0x1236, my_dissector)

ether_table:add(0x1237, my_dissector)

My wish would be to distinguish them in the dissector using the ethertype field.

Currently, I have the following code.

pinfo.cols.protocol = "Information for 'Protocol' column"

Is it possible to obtain the ethertype from the dissector? So I can personalize the 'Protocol' column.

Thanks in advance for the help


edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2024-04-22 12:39:47 +0000

Chuckc gravatar image

updated 2024-04-22 12:41:28 +0000

Can you use eth.type? (Wireshark dfref - Ethernet)

-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed
-- 240422 -

-- Step 1 - document as you go. See header above and set_plugin_info().
local easypost_info =
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer"


-- Step 2 - create a protocol to attach new fields to
local easypost_p ="easypost","Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = { uint16data = ProtoField.uint16("easypost.uint16data", "EASYPOST uint16", base.HEX, nil) }

easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
easypost_ethtype_f ="eth.type")

-- Step 5 - create the postdissector function that will run on each frame/packet
function easypost_p.dissector(tvb,pinfo,tree)
    local subtree = nil

    -- copy existing field(s) into table for processing
    finfo = { easypost_ethtype_f() }

    if (#finfo > 0) then
        if not subtree then
            subtree = tree:add(easypost_p)
        for k, v in pairs(finfo) do
            -- process data and add results to the tree
            subtree:add(pf.uint16data, v.range)

-- Step 6 - register the new protocol as a postdissector
edit flag offensive delete link more


Thanks for pointing out the method that did the trick.

I've written the code below which works as expected.

SKFRGB_ethtype_f ="eth.type")

local function get_ethtype()

return SKFRGB_ethtype_f()()


Steve@ gravatar imageSteve@ ( 2024-04-22 15:17:56 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2024-04-22 09:02:22 +0000

Seen: 81 times

Last updated: Apr 22