Hello Christopher, all,

as I wrote "... to write Lua dissector...", so instructions what and how to do on command line do not apply in this case. Meanwhile, I figured out by myself how this is supposed to work:

    local udlt = DissectorTable.get("wtap_encap")
    udlt:add(wtap.USER1, ypp)

why not to stick to one naming convention of user_dlt -- I do not know but the lines above are the way to start the dissector in this case.

Kind Regards
Ariel Burbaickij

On Wed, Sep 1, 2021 at 4:22 AM Maynard, Christopher via Wireshark-users <wireshark-users@wireshark.org> wrote:

> > From: Wireshark-users <wireshark-users-boun...@wireshark.org> On Behalf Of Ariel Burbaickij
> > Sent: Monday, August 30, 2021 4:20 AM
> > To: Community support list for Wireshark <wireshark-users@wireshark.org>
> > Subject: [Wireshark-users] any examples of how to hook up Lua dissector to user_dlt tree?
> >
> > Hello community,
> > I would like to write Lua dissector for a binary, i.e. not text, proprietary protocol on top of user_dlt.
> > Are there any examples available, which roughly show how this is done ? Could you point me to them
> > as I have not found much interesting yet.
> >
> > In particular, how actual hooking should look like:
> >
> > local user_dlt = DissectorTable.get("user_dlt") -- user_dlt dissector exists in Wireshark
> > user_dlt:add(148, my_protocol_to_be_dissected) -- my protocol uses user_dlt 148
> > or is it something else ?
> > Kind Regards
> > Ariel Burbaickij
>
> This is done just as for any other protocol, either by changing the Wireshark preferences or specifying the option on the command-line. Assuming "Your Proprietary Protocol" = ypp and DLT=147 ...
>
> 1) Changing Wireshark preference: Edit -> Preferences... -> Protocols -> DLT_USER -> Encapsulations Table: Edit... -> [+] -> Select DLT 147, Payload Protocol=ypp, and set other relevant fields as needed -> OK -> OK.
>
> Refs:
> https://www.wireshark.org/docs/wsug_html_chunked/ChUserDLTsSection.html
> https://gitlab.com/wireshark/wireshark/-/wikis/HowToDissectAnything
>
> 2) Command-line option:
> Windows: Wireshark.exe -o "uat:user_dlts:\"User 1 (DLT=147)\",\"ypp\",\"0\",\"\",\"0\",\"\""
> *nix: wireshark -o 'uat:user_dlts:"User 1 (DLT=147)","ypp","0","","0",""'
>
> Refs:
> https://www.wireshark.org/docs/man-pages/wireshark.html
> https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html
>
> I hope that helps?
> - Chris
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
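The "wtap_encap" registration described in the reply at the top of this thread, shown inside a complete dissector. This is an added example, not code from the thread or from the Wireshark project; the three-byte header layout (type, big-endian length) and all "ypp" field names are assumptions made up for illustration. It length-checks before every read so a truncated or malformed capture is flagged instead of raising a Lua error.

```lua
-- Hypothetical protocol "ypp": 1-byte type, 2-byte big-endian payload length, payload.
-- The layout is an assumption for this example, not a real protocol.
local ypp = Proto("ypp", "Your Proprietary Protocol")

local f_type = ProtoField.uint8("ypp.type", "Message Type", base.HEX)
local f_len  = ProtoField.uint16("ypp.length", "Payload Length", base.DEC)
local f_data = ProtoField.bytes("ypp.payload", "Payload")
ypp.fields = { f_type, f_len, f_data }

-- Expert info used to mark frames that are shorter than their header claims.
local e_trunc = ProtoExpert.new("ypp.truncated", "Truncated YPP frame",
                                expert.group.MALFORMED, expert.severity.ERROR)
ypp.experts = { e_trunc }

local HEADER_LEN = 3

function ypp.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "YPP"
    local subtree = tree:add(ypp, tvb(), "Your Proprietary Protocol")

    -- Never read header fields from a buffer that cannot hold them.
    if tvb:len() < HEADER_LEN then
        subtree:add_proto_expert_info(e_trunc, "Frame shorter than 3-byte header")
        return tvb:len()
    end

    subtree:add(f_type, tvb(0, 1))
    subtree:add(f_len, tvb(1, 2))

    -- The length field is attacker/peer controlled: clamp it to what was captured.
    local claimed = tvb(1, 2):uint()
    local avail = tvb:len() - HEADER_LEN
    local plen = claimed
    if claimed > avail then
        subtree:add_proto_expert_info(e_trunc,
            string.format("Length field says %d bytes, only %d present", claimed, avail))
        plen = avail
    end

    if plen > 0 then
        subtree:add(f_data, tvb(HEADER_LEN, plen))
    end
    return HEADER_LEN + plen
end

-- Hook into the link-layer table, as in the thread: wtap.USER1 is user DLT 148.
DissectorTable.get("wtap_encap"):add(wtap.USER1, ypp)
```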