Does Wireshark natively support Class C and Class D protocols to retrieve EMP (Edge Message Protocol) messages or is a plugin required for this functionality? If a plugin is needed, which one should be installed to enable support for the Class D protocol?
A lua post-dissector is quick way to experiment and get fields added to the tree.
From there the dissector can be modified to be called from another dissector such as UDP or TCP.
And then if you want better performance and to contribute to the Wireshark code base, move it to C.
EASYPOST.lua available from the Wireshark Wiki lua page just drops in and adds a protocol and field to the tree as a starting point.
There are several lua Sharkfest presentations.
I did one at SF22US (Kansas City) and SF23US (San Diego) that while not as detailed as earlier ones, reflect the current state of lua in Wireshark.
The dissector tutorial script covers a lot of what can be done in Lua.
Wiki pages Lua/Examples and Contrib good references also.
And the Lua section of the WSDG Chapter 10. Lua Support in Wireshark
Thank you for your quick response. I am trying to build a custom dissector. I have access to the S-9356 Class D Messaging, which I’m using as a reference. My goal is to develop a Lua or C-based dissector for EMP messages over Class D, and I’d appreciate any guidance or pointers you can provide regarding implementation or integration with Wireshark. Thanks again for your time and support.
The Class D page to which you linked says "Class D is a protocol that converts a stream based TCP protocol to a message or transaction based protocol.", and includes a fixed-length header with a field indicating the length of the message body.
The way to handle that is described in the How to reassemble split TCP packets section of the Developer's Guide, It's also usable from Lua, but, unfortunately, nobody's written any documentation for the Lua API in the Developer's Guide.
Asked: 2025-07-03 02:40:50 +0000
Seen: 379 times
Last updated: Aug 04
Are we talking about CLASS D MESSAGING SPECIFICATION Standard S-9356 here?
Yes, that's correct, I’m referring to the CLASS D MESSAGING SPECIFICATION & EMP (Edge Messaging Protocol) messages. I’m not sure about the Standard #.
The author of the github.io page linked to above has LinkedIn contact at the top of the page.
I opened a github issue to ask if a dissector is available:
https://github.com/ericwu1997/ericwu1...
(250707 Update: "Unfortunately, the director (dissector?) is for company internal use ...")
@Chuckc - Thank you for the clarification regarding the dissector being for internal use.
Would you be able to help or guide me in developing a custom dissector—either in Lua or C—for parsing EMP messages over Class D? Any documentation, sample code, or suggestions on where to start would be greatly appreciated. I'm especially interested in understanding how to structure the protocol layers and register it properly in Wireshark.
Thank you in advance for your time and support.
Do you have access to the documents that define the message protocols?
AAR List of standards
Do you want to build a dissector or are you trying to reverse engineer the protocols with Wireshark?