Ask Your Question
0

Can wireshark handle LZO compression on packets?

asked 2025-03-18 17:28:16 +0000

Omi gravatar image

I am looking to generate a dissector for NSE.

From:

https://nsearchives.nseindia.com/web/...

All the packets received from server consist of compress batch header. Compress batch header gives the information about the data packet compressed or not, number of packets in the following data packet and the total size of data packet. Client needs to decompress the data packet using LZO decompression algorithm. After decompression each data packet consists of ST_INFO_HEADER, which has the iCode field to identify the type of the packet. Using iCode field, data info packet is mapped to the respective data packet.

Are there existing capabilities to handle a compressed packet or field in wireshark? In Lua?

edit retag flag offensive close merge delete

Comments

A similar question (Read LZO compressed payload in pcap file).
There is a screen shot of a packet but no sample capture.
Can you share a sample capture file?

Chuckc gravatar imageChuckc ( 2025-03-19 23:12:55 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2025-03-21 19:12:55 +0000

johnthacker gravatar image

No, the LZO algorithm is not one of the compression algorithms that has API support yet. It probably wouldn't be that difficult to add (or even to support inside a self written dissector, at least if in C.)

There are no dissectors that people have submitted to the project that need it, so there has not been demand for it.

edit flag offensive delete link more

Comments

There is a standard library for LZO:

https://www.oberhumer.com/opensource/...

I could include the code with my dissector but I think the better solution would be to include as common functionality so others can use it. Provided I don't want to be the one updating common wireshark sources what would be my best course of action?

In the meantime, if I made a lua dissector does wireshark allow the lua c dll imports?

Omi gravatar imageOmi ( 2025-03-23 04:15:54 +0000 )edit

Thank you so much for the answer.

JosephDavis gravatar imageJosephDavis ( 2025-03-24 10:55:18 +0000 )edit

Well, the easiest way is to submit a merge request to get it added to the project. If you don't want to do that, you can open an enhancement request: https://gitlab.com/wireshark/wireshar...

The difficulty with an enhancement request is that there's no guarantee how long it might take a developer to get around to it, especially if there's no dissector included with the common code using it.

johnthacker gravatar imagejohnthacker ( 2025-03-24 21:14:49 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2025-03-18 17:28:16 +0000

Seen: 253 times

Last updated: yesterday

Related questions

how to invert two bytes in lua script dissector ?

Adjusting Bit order and Endianess in LUA between Dissectors

Error while creating a Lua listener in 2.4.2 with filter

Lua Dumper to variable

http2 decrypted data in tshark lua script

Decode as LUA - how do I do that?

LUA: dissector wide global table

Reuse (part of) a Wireshark Dissector

Any way to use cmd tshark for a gns3 wire?

how to change COL_PROTOCOL with lua code