In this video, I’m trying to give you an idea of what you can expect in my “Packet Class: Wireshark” training when we cover protocol dissectors written in Lua.
Hi Didier,
How do you implement this dissector in the Wireshark main configuration?
Thanks
Comment by nwf — Tuesday 16 December 2014 @ 16:19
@nwf What do you mean exactly? Where to store Lua dissectors?
Comment by Didier Stevens — Tuesday 16 December 2014 @ 21:20
Yes, where do you store the Lua dissectors in Wireshark and what do you configure to enable these custom dissectors?
Comment by nwf — Wednesday 17 December 2014 @ 15:59
OK, what OS do you have? Windows?
Comment by Didier Stevens — Wednesday 17 December 2014 @ 16:17
Yeah Windows
Comment by nwf — Wednesday 17 December 2014 @ 16:24
Then you can create an init.lua file in C:\Users\user\AppData\Roaming\Wireshark
This will be executed when Wireshark starts.
Comment by Didier Stevens — Wednesday 17 December 2014 @ 21:49
Thanks for the reply, but it doesn’t change anything. I have pasted the init.lua in the AppData folder, then I have put your dissector. After that I executed Wireshark, but it doesn’t identify your script as a dissector.
Comment by nwf — Wednesday 17 December 2014 @ 22:51
Now Wireshark has seen the Lua script and it works, but all the decode functions don’t resolve the TCP flags, like tcpflags 0x10, to ACK flags.
Comment by nwf — Wednesday 17 December 2014 @ 23:44
You put a do statement in the init.lua file to load the dissector?
Comment by Didier Stevens — Friday 19 December 2014 @ 9:11
No, I have put this script directly in the Wireshark plugins folder, which permits not calling the dofile function. It works with other Lua scripts and not yours.
Comment by Nwf — Friday 19 December 2014 @ 9:44
OK, now I understand what you mean. What are you doing exactly? Because it works on my machines.
Did you check Help / About Wireshark / Plugins?
Comment by Didier Stevens — Friday 19 December 2014 @ 10:41
Please could you give me your email and I will send you a screenshot of my issue.
Comment by nwf — Friday 19 December 2014 @ 17:32
Done
Comment by Didier Stevens — Friday 19 December 2014 @ 18:28