Revision history

initial version

Run existing heuristics after dissection

I have written a Lua plugin that registers a FileHandler to read some proprietary log files. I also have a dissector that runs on those log files, pulling out metadata fields. Finally, I am left with the body of each TCP message.

I know I can run a particular dissector by retrieving it with Dissector.get() and calling dissector:call(). That works with both default dissectors and custom plugins I have previously written.

I would like to run the heuristics in the "tcp" heuristics dissector table against the message body, falling back on "data" if nothing matches. Is there any way to do that from Lua?

Run existing heuristics after dissection

I have written a Lua plugin that registers a FileHandler to read some proprietary log files. I also have a dissector that runs on those log files, pulling out metadata fields. Finally, I am left with the body of each message, which was sent as a TCP message before being written to this log.

I know I can run a particular dissector by retrieving it with Dissector.get() and calling dissector:call(). That works with both default dissectors and custom plugins I have previously written.

I would like to run the heuristics in the "tcp" heuristics dissector table against the message body, falling back on "data" if nothing matches. Is there any way to do that from Lua?

Run existing heuristics after dissection

I have written a Lua plugin that registers a FileHandler to read some proprietary log files. I also have a dissector that runs on those log files, pulling out metadata fields. Finally, I am left with the body of each message, which was sent as TCP before being written to this log.

I know I can run a particular dissector against the message body by retrieving it with Dissector.get() and calling dissector:call(). That works with both default dissectors and custom plugins I have previously written.

I would like to run the heuristics in the "tcp" heuristics dissector table against the message body, falling back on "data" if nothing matches. Is there any way to do that from Lua?