Revision history

initial version

port assigning to LUA dissector

Hello,

I've a vendor which provides me an application with 3 processes:

  • 1st using ports 10000 and 10001 with protocol 1
  • 2nd using ports 10001 and 10002 with protocol 1
  • 3rd using ports 10002 and 10003 with protocol 2

All the data is sent/received from the same IP, one port is for sending data, other for receiving data.

I'm writing a dissector for the data and need assistance in identifying the protocols in Wireshark.

I'd be glad to have your assistance on how to identify the messages.

advice on LUA dissector

Hello,

I'd be glad to have your advice on this.

I have the following scenario:

4 kinds of UDP protocols:

  1. port 2000 for both src and dest
  2. src port 2001 and dest port 2002
  3. src port 2002 and dest port 2003
  4. src port 2003 and dest port 2004

Protocols 2&3 are the same but the name (i.e. I'd like to identify the difference by name in the info field).

All my protocols are described in an XML file which I'm parsing into a Lua structure. The XML file contains enum definitions, structs (for example like tcp flags in tcp header) and messages. All protocols have a few messages. All the messages start with some common header (0xAA 0xBB 0xCC), which is also defined as a struct, and end with a checksum.

Currently when parsing the protocol, I'm parsing each part (enums, structs, messages) to be as standalone (yes, of course there is a vendor dependence between all the three).

I'd like to have your advice on how to implement it: each protocol in a single file and having an additional file which checks the ports and calls the relevant dissector? How about the common header - shall it be declared as a struct in one of the protocols or is it better to declare it already as part of each protocol's fields? Maybe some additional solution? Any other advice would also be welcome.
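
One way to lay this out, as an added example that is not part of the original post: a single Lua file whose `Proto` declares the common header once, is registered on UDP ports 2000 to 2004, and picks the name shown in the Info column from the source/destination port pair. The names `vendorx` and `Proto 1` to `Proto 4`, the field names and the 1-byte checksum width are assumptions.

```lua
-- Added example, not from the original post. The names "vendorx", the display
-- names and the 1-byte checksum width are assumptions.
local proto = Proto("vendorx", "Vendor X UDP messages")

-- The common header is declared once here and shared by all four flows.
local f_hdr   = ProtoField.bytes("vendorx.header", "Common header")
local f_body  = ProtoField.bytes("vendorx.body", "Message body")
local f_cksum = ProtoField.uint8("vendorx.checksum", "Checksum", base.HEX)
proto.fields = { f_hdr, f_body, f_cksum }

-- Port pair -> display name. Pairs 2001>2002 and 2002>2003 carry the same
-- message format and differ only in the name shown in the Info column.
local FLOWS = {
    ["2000>2000"] = "Proto 1",
    ["2001>2002"] = "Proto 2",
    ["2002>2003"] = "Proto 3",
    ["2003>2004"] = "Proto 4",
}

local HEADER_LEN, CKSUM_LEN = 3, 1

function proto.dissector(tvb, pinfo, tree)
    local name = FLOWS[pinfo.src_port .. ">" .. pinfo.dst_port]
    -- Reject unknown port pairs, short packets and a wrong common header so
    -- unrelated traffic on these ports is not mislabelled.
    if not name or tvb:len() < HEADER_LEN + CKSUM_LEN
       or tvb(0, HEADER_LEN):uint() ~= 0xAABBCC then
        return 0
    end

    pinfo.cols.protocol = "VENDORX"
    pinfo.cols.info = name

    local sub = tree:add(proto, tvb(), "Vendor X, " .. name)
    sub:add(f_hdr, tvb(0, HEADER_LEN))
    local body_len = tvb:len() - HEADER_LEN - CKSUM_LEN
    if body_len > 0 then
        -- A decoder generated from the XML description would go here.
        sub:add(f_body, tvb(HEADER_LEN, body_len))
    end
    sub:add(f_cksum, tvb(tvb:len() - CKSUM_LEN, CKSUM_LEN))
    return tvb:len()
end

-- Register the one dissector on every port used by the four flows.
local udp_ports = DissectorTable.get("udp.port")
for port = 2000, 2004 do
    udp_ports:add(port, proto)
end
```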