cmcqueen1975's profile - activity

2019-02-04 04:18:26 +0000 marked best answer Dissector preferences with alternative representations

I've got a custom dissector written in Lua. The protocol has encryption, which needs a 16-byte encryption key to decode, so I've made that a protocol preference, with the key entered as 32 hex digits. That's working fine.

I'd like to have the possibility of entering a protocol encryption key as a keyphrase instead, where the encryption key is a hash output from the keyphrase (and non-reversible).

How could dissector preferences be set up so that a user could enter either an encryption key as 32 hex digits, or enter a passphrase that is converted to 32 hex digits? Could it be:

  1. two separate text fields (and the key as 32 hex digits is automatically updated when the user types a keyphrase)
  2. one text field plus an enum box to choose whether it's a hex key vs keyphrase
  3. some other strategy?

2019-01-24 03:52:13 +0000 asked a question Dissector preferences with alternative representations

2018-06-20 07:19:21 +0000 edited answer Lua dissector clean up of data tables

Proto objects can be given an init() function. It's not totally clear to me when this function is called, but comments i

2018-06-20 07:18:42 +0000 answered a question Lua dissector clean up of data tables

2018-06-18 02:03:37 +0000 edited question Calling CRC functions from Lua

Calling CRC functions from Lua Does Wireshark provide an API for CRC calculations from Lua dissectors? I see Wireshark h

2018-06-18 01:59:11 +0000 edited question Lua dissector clean up of data tables

Lua dissector clean up of data tables I've written a protocol dissector in Lua, and it is working reasonably well. It s

2018-06-05 23:58:45 +0000 asked a question Calling CRC functions from Lua

2018-06-01 04:22:56 +0000 asked a question Lua dissector clean up of data tables

2018-05-16 01:05:46 +0000 marked best answer Lua dissector memory-efficient packet reassembly

I'd like to use Wireshark to analyse an RS-485 based protocol. I'd like to use a generic tool such as GitHub j123b567/SerialPCAP to save the data to a pcap file with a DLT_USER_0 data type, then analyse it with Wireshark using a custom dissector, written in Lua (ideally).

Due to the way the generic capture tool works, frames in the pcap file don't necessarily coincide with protocol packets. So, it is necessary to search for valid packets that might start on any byte within the pcap frame, or might span 2 or more frames. Valid packets can be determined by checking if the byte sequence starting at a particular byte has a valid length and CRC-16 value at the end. I have succeeded in writing a Lua dissector that does this.

However, I am not so easily able to handle protocol packets that span 2 or more pcap frames. I could do manual frame reassembly by storing frame data in a Lua list; however, this takes significant memory so doesn't scale up well to large captures. I've read about TCP packet reassembly in Lua, and tried it, but it doesn't seem to work for dissecting DLT_USER_0 data. Also I've read some information that suggests that Wireshark's TCP packet reassembly also takes a large amount of memory, so if that would be the case for DLT files also, that's not so good.

The maximum protocol packet size is 31 bytes, so ideally I'd like the dissector to simply be able to look back to the data of previous pcap frames, up to 31 bytes' worth, to potentially reassemble valid packets.

Is it possible to do memory-efficient packet reassembly, by simply looking back to a small number of previous pcap frames as needed to find valid protocol packets?

If that's not possible, I guess I'd need to make a smarter capture tool, which is able to packetise protocol packets from the serial stream and save each packet into its own pcap frame.

2018-05-16 01:05:46 +0000 received badge Scholar

2018-05-10 07:43:16 +0000 edited question Lua dissector memory-efficient packet reassembly

2018-05-10 07:42:34 +0000 edited question Lua dissector memory-efficient packet reassembly

2018-05-10 05:04:38 +0000 received badge Editor

2018-05-10 05:04:38 +0000 edited question Lua dissector memory-efficient packet reassembly

2018-05-10 04:54:23 +0000 asked a question Lua dissector memory-efficient packet reassembly
