Ask Your Question

Revision history [back]

Replace 802.11 dissector with custom lua dissector

I´d like to use a custom 802.11 dissector for a proprietary network protocol that I have analysed (at least in part so far), but I just can't manage to integrate it into wireshark.

The lua dissector is loaded during start, if something goes wrong, wireshark is complaining about stuff and it appears in the protocol overview, but is not applied to my pcaps, even if I disable the ieee80211 protocol in the list.

For now I think, I am not adding it correctly to the upper layer/dissector table, because even:

DissectorTable.get("wtap_encap"):remove_all(Dissector.get("wlan"))

does not change anything. I tried a lot with different dissectors because I am not sure, what dissector the standard 802.11 proto dissector is actually applied to. What I really want to do is something like

DissectorTable.get("wtap_encap"):set(20, mydissector)

Or anything else that let me use my dissector beginning at the frame control field. What I am doing fundamentally wrong that none of my attempts to either replace, add or remove the 802.11 does not work?