Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2018-10-25 09:14:28 +0000

aaadddzxc gravatar image

How to parse the tcp data with fragments in lua

I tried to write the Lua plugin, but it’s always Not right

local xnet_proto = Proto("SL", "SL Protolcol")

local XProto_wHeader = ProtoField.uint8("xnet.wHeader", "wHeader", base.HEX) local XProto_xhToken = ProtoField.uint64("xnet.xhToken", "xhToken", base.DEC) local XProto_Type = ProtoField.uint32("xnet.unOperatorType", "unOperatorType", base.DEC) local XProto_Code = ProtoField.uint32("xnet.unOperatorCode", "unOperatorCode", base.HEX) local XProto_Size = ProtoField.uint32("xnet.unPacketSize", "unPacketSize", base.DEC) local XProto_wSerial = ProtoField.uint8("xnet.wPacketSerial", "wPacketSerial", base.DEC) local XProto_wVersion = ProtoField.uint8("xnet.wVersion", "wVersion", base.DEC) local XProto_wIsReply = ProtoField.uint8("xnet.wIsReply", "wIsReply", base.DEC) local XProto_wTail = ProtoField.uint8("xnet.wTail", "wTail", base.HEX) local XProto_Payload = ProtoField.bytes("xnet.Payload", "Payload", base.NONE)

xnet_proto.fields = { XProto_wHeader, XProto_xhToken, XProto_Type, XProto_Code, XProto_Size, XProto_wSerial, XProto_wVersion, XProto_wIsReply, XProto_wTail, XProto_Payload }

function xnet_proto.dissector(tvb, pinfo, treeitem)

pinfo.cols.protocol:set("SL")
pinfo.cols.info:set("SL Protocol")

local offset = pinfo.desegment_offset or 0
local tvb_len = tvb:len()

local xnet_tree = treeitem:add(xnet_proto, tvb:range(tvb_len))
xnet_tree:add_le(XProto_wHeader, tvb(offset, 2))   
offset = offset + 2
xnet_tree:add_le(XProto_xhToken, tvb(offset, 8))
offset = offset + 8
xnet_tree:add_le(XProto_Type, tvb(offset, 4))
offset = offset + 4
xnet_tree:add_le(XProto_Code, tvb(offset, 4))
offset = offset + 4
xnet_tree:add_le(XProto_Size, tvb(offset, 4))
offset = offset + 4
xnet_tree:add_le(XProto_wSerial, tvb(offset, 2))
offset = offset + 2
xnet_tree:add_le(XProto_wVersion, tvb(offset, 2))
offset = offset + 2
xnet_tree:add_le(XProto_wIsReply, tvb(offset, 2))
offset = offset + 2
xnet_tree:add_le(XProto_wTail, tvb(offset, 2))
offset = offset + 2

offset = pinfo.desegment_offset or 0
local frameLength = XProto_Size

while true
do
    local nextFrame = offset + frameLength;

    if  tvb:len() <  nextFrame then
        pinfo.desegment_len = nextFrame - tvb:len()
        return
    end
    if tvb:len() == nextFrame then 
        xnet_tree:add(XProto_Payload, XProto_Size)
        break
    end
end

end

local tcp_port_table = DissectorTable.get("tcp.port") --tcp_port_table:add(6000, xnet_proto) --tcp_port_table:add(6001, xnet_proto) tcp_port_table:add(6002, xnet_proto

click to hide/show revision 2
None

updated 2018-10-25 10:35:41 +0000

grahamb gravatar image

How to parse the tcp data with fragments in lua

I tried to write the Lua plugin, but it’s always Not right

local xnet_proto = Proto("SL", "SL Protolcol")

local XProto_wHeader = ProtoField.uint8("xnet.wHeader", "wHeader", base.HEX) local XProto_xhToken = ProtoField.uint64("xnet.xhToken", "xhToken", base.DEC) local XProto_Type = ProtoField.uint32("xnet.unOperatorType", "unOperatorType", base.DEC) local XProto_Code = ProtoField.uint32("xnet.unOperatorCode", "unOperatorCode", base.HEX) local XProto_Size = ProtoField.uint32("xnet.unPacketSize", "unPacketSize", base.DEC) local XProto_wSerial = ProtoField.uint8("xnet.wPacketSerial", "wPacketSerial", base.DEC) local XProto_wVersion = ProtoField.uint8("xnet.wVersion", "wVersion", base.DEC) local XProto_wIsReply = ProtoField.uint8("xnet.wIsReply", "wIsReply", base.DEC) local XProto_wTail = ProtoField.uint8("xnet.wTail", "wTail", base.HEX) local XProto_Payload = ProtoField.bytes("xnet.Payload", "Payload", base.NONE)

base.NONE) xnet_proto.fields = { XProto_wHeader, XProto_xhToken, XProto_Type, XProto_Code, XProto_Size, XProto_wSerial, XProto_wVersion, XProto_wIsReply, XProto_wTail, XProto_Payload }

} function xnet_proto.dissector(tvb, pinfo, treeitem)

treeitem)

    pinfo.cols.protocol:set("SL")
 pinfo.cols.info:set("SL Protocol")

 local offset = pinfo.desegment_offset or 0
 local tvb_len = tvb:len()

 local xnet_tree = treeitem:add(xnet_proto, tvb:range(tvb_len))
 xnet_tree:add_le(XProto_wHeader, tvb(offset, 2))   
 offset = offset + 2
 xnet_tree:add_le(XProto_xhToken, tvb(offset, 8))
 offset = offset + 8
 xnet_tree:add_le(XProto_Type, tvb(offset, 4))
 offset = offset + 4
 xnet_tree:add_le(XProto_Code, tvb(offset, 4))
 offset = offset + 4
 xnet_tree:add_le(XProto_Size, tvb(offset, 4))
 offset = offset + 4
 xnet_tree:add_le(XProto_wSerial, tvb(offset, 2))
 offset = offset + 2
 xnet_tree:add_le(XProto_wVersion, tvb(offset, 2))
 offset = offset + 2
 xnet_tree:add_le(XProto_wIsReply, tvb(offset, 2))
 offset = offset + 2
 xnet_tree:add_le(XProto_wTail, tvb(offset, 2))
 offset = offset + 2

 offset = pinfo.desegment_offset or 0
 local frameLength = XProto_Size

 while true
 do
     local nextFrame = offset + frameLength;

     if  tvb:len() <  nextFrame then
         pinfo.desegment_len = nextFrame - tvb:len()
         return
     end
     if tvb:len() == nextFrame then 
         xnet_tree:add(XProto_Payload, XProto_Size)
         break
        end
    end
end

end

local tcp_port_table = DissectorTable.get("tcp.port") --tcp_port_table:add(6000, xnet_proto) --tcp_port_table:add(6001, xnet_proto) tcp_port_table:add(6002, xnet_proto

xnet_proto
click to hide/show revision 3
retagged

updated 2019-01-30 17:22:32 +0000

cmaynard gravatar image

How to parse the tcp data with fragments in lua

I tried to write the Lua plugin, but it’s always Not right

local xnet_proto = Proto("SL", "SL Protolcol")

local XProto_wHeader = ProtoField.uint8("xnet.wHeader", "wHeader", base.HEX)
local XProto_xhToken = ProtoField.uint64("xnet.xhToken", "xhToken", base.DEC)
local XProto_Type = ProtoField.uint32("xnet.unOperatorType", "unOperatorType", base.DEC)
local XProto_Code = ProtoField.uint32("xnet.unOperatorCode", "unOperatorCode", base.HEX)
local XProto_Size = ProtoField.uint32("xnet.unPacketSize", "unPacketSize", base.DEC)
local XProto_wSerial = ProtoField.uint8("xnet.wPacketSerial", "wPacketSerial", base.DEC)
local XProto_wVersion = ProtoField.uint8("xnet.wVersion", "wVersion", base.DEC)
local XProto_wIsReply = ProtoField.uint8("xnet.wIsReply", "wIsReply", base.DEC)
local XProto_wTail = ProtoField.uint8("xnet.wTail", "wTail", base.HEX)
local XProto_Payload = ProtoField.bytes("xnet.Payload", "Payload", base.NONE)

xnet_proto.fields = 
{
    XProto_wHeader,
    XProto_xhToken,
    XProto_Type,
    XProto_Code,
    XProto_Size,
    XProto_wSerial,
    XProto_wVersion,
    XProto_wIsReply,
    XProto_wTail,
    XProto_Payload
}

function xnet_proto.dissector(tvb, pinfo, treeitem)

    pinfo.cols.protocol:set("SL")
    pinfo.cols.info:set("SL Protocol")

    local offset = pinfo.desegment_offset or 0
    local tvb_len = tvb:len()

    local xnet_tree = treeitem:add(xnet_proto, tvb:range(tvb_len))
    xnet_tree:add_le(XProto_wHeader, tvb(offset, 2))   
    offset = offset + 2
    xnet_tree:add_le(XProto_xhToken, tvb(offset, 8))
    offset = offset + 8
    xnet_tree:add_le(XProto_Type, tvb(offset, 4))
    offset = offset + 4
    xnet_tree:add_le(XProto_Code, tvb(offset, 4))
    offset = offset + 4
    xnet_tree:add_le(XProto_Size, tvb(offset, 4))
    offset = offset + 4
    xnet_tree:add_le(XProto_wSerial, tvb(offset, 2))
    offset = offset + 2
    xnet_tree:add_le(XProto_wVersion, tvb(offset, 2))
    offset = offset + 2
    xnet_tree:add_le(XProto_wIsReply, tvb(offset, 2))
    offset = offset + 2
    xnet_tree:add_le(XProto_wTail, tvb(offset, 2))
    offset = offset + 2

    offset = pinfo.desegment_offset or 0
    local frameLength = XProto_Size

    while true
    do
        local nextFrame = offset + frameLength;

        if  tvb:len() <  nextFrame then
            pinfo.desegment_len = nextFrame - tvb:len()
            return
        end
        if tvb:len() == nextFrame then 
            xnet_tree:add(XProto_Payload, XProto_Size)
            break
        end
    end
end

local tcp_port_table = DissectorTable.get("tcp.port")
--tcp_port_table:add(6000, xnet_proto)
--tcp_port_table:add(6001, xnet_proto)
tcp_port_table:add(6002, xnet_proto
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2