Hello Wireshark users,
What I am about to post is not really a question but more of a request for help. (I hope this is not against the rules of this forum.) So far my workflow when writing a new dissector has been the following:
1. Write a draft
2. Open a capture in Wireshark and see if it works
3. Fix the issues in the script
4. Close Wireshark
5. Go back to 2.
Obviously, this is pretty painful. I am aware that you can debug your code while running Wireshark. However, I feel like opening and closing Wireshark over and over again to reload the dissector is still a pain. This is why I have been working on Wirebait over the past few weeks. It is a small Lua library which enables you to run/debug your dissectors on the fly without the need for Wireshark. You can use a .pcap file or a made-up hexadecimal string to feed your dissector.
I am now using Wirebait to test my dissectors as I am writing them, but I would like to get feedback from other Wireshark users. I would be looking to answer the following questions:
- Does it even work with your dissectors and setup?
- Are there ways to make it more useful?
Getting started is really quick: you download the wirebait.lua file into your Lua path, add a code snippet at the top of your dissector file, and now you can run your dissector directly (without Wireshark). I would appreciate any form of feedback/contribution.
Thanks!