Using a Lua script in Wireshark to dissect packets
I. Protocol overview:
II. Meaning of each statement in the Lua script
1. Call Wireshark's protocol registration function
glink3_protocol = Proto("glink3.0", "glink3.0 Protocol")
2. Declare the meaning and data type of each packet field
head = ProtoField.uint16("glink3.head", "head(協定頭)", base.HEX)
Type = ProtoField.uint8("glink3.type", "type(資料類型)", base.DEC)
Flag = ProtoField.uint8("glink3.flag", "flag(标志位)", base.HEX)
src_sys_id = ProtoField.uint8("glink3.src_sid", "src_sid(源系統ID)", base.HEX)
src_com_id = ProtoField.uint8("glink3.src_com_id", "src_com_id(源元件ID)", base.HEX)
des_sys_id = ProtoField.uint8("glink3.des_sys_id", "des_sys_id(目的系統ID)", base.HEX)
des_com_id = ProtoField.uint8("glink3.des_com_id", "des_com_id(目的元件ID)", base.HEX)
msgid = ProtoField.uint16("glink3.msgid", "msgid(消息ID)", base.HEX)
seq = ProtoField.uint8("glink3.seq", "seq(序列号)", base.HEX)
len = ProtoField.uint8("glink3.len", "len(載荷有效長度)", base.HEX)
payLoad = ProtoField.bytes("glink3.payLoad", "payLoad(有效載荷)")
chk = ProtoField.uint16("glink3.chk", "chk(校驗和)", base.HEX)
Data = ProtoField.bytes("glink3.Data", "rawdata(原始封包)")
3. Add the protocol's fields to the protocol's field list
glink3_protocol.fields = {
head,
Type,
Flag,
src_sys_id,
src_com_id,
des_sys_id,
des_com_id,
msgid,
seq,
len,
payLoad,
chk,
Data
}
4. Define the protocol dissector function
function glink3_protocol.dissector(buffer, pinfo, tree)
5. Register the protocol on its port number
local udp_port = DissectorTable.get("udp.port")
udp_port:add(7894, glink3_protocol)
III. Dissection in Wireshark
1. Without the Lua plugin, Wireshark dissects the packet as follows:
2. With the Lua plugin, the packet is dissected as follows:
3. Notes on the functions used in the Lua script
Wireshark column information
pinfo.cols.protocol = "glink3.0"
pinfo.cols.protocol:append(_src_sysid_description .. _src_comid_description .. "-->" .. _des_sysid_description .. _des_comid_description)
Adding the protocol tree
local subtree = tree:add(glink3_protocol, buffer(), "Glink3.0 Protocol Data")
Adding a subtree item
subtree:add(head,buffer(0,2))
Annotating a subtree field with a description
local _type = buffer(2,1):uint()
local _type_description = get_type_description(_type)
subtree:add(Type, buffer(2, 1)):append_text(" (" .. _type_description .. ")")
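The fragments in sections II and III assembled into one complete dissector, as an added example rather than the post's own script. It assumes the field order implied by the declarations above (head, type, flag, src/des system and component IDs, msgid, seq, len, then `len` payload bytes and a 2-byte chk), big-endian integers, and UDP port 7894; the protocol abbreviation is shortened to "glink3" to match the "glink3." field prefixes, and the length byte is checked against the captured bytes so a truncated or malformed frame is flagged instead of crashing the dissector.

```lua
-- Added example (not the post's script). Assumed layout: head(2) type(1) flag(1)
-- src_sys(1) src_com(1) des_sys(1) des_com(1) msgid(2) seq(1) len(1), then `len`
-- payload bytes and chk(2); big-endian; UDP port 7894 as registered in the post.
local glink3 = Proto("glink3", "glink3.0 Protocol")
local f = {
  head       = ProtoField.uint16("glink3.head", "head", base.HEX),
  type       = ProtoField.uint8("glink3.type", "type", base.DEC),
  flag       = ProtoField.uint8("glink3.flag", "flag", base.HEX),
  src_sys_id = ProtoField.uint8("glink3.src_sid", "src_sid", base.HEX),
  src_com_id = ProtoField.uint8("glink3.src_com_id", "src_com_id", base.HEX),
  des_sys_id = ProtoField.uint8("glink3.des_sys_id", "des_sys_id", base.HEX),
  des_com_id = ProtoField.uint8("glink3.des_com_id", "des_com_id", base.HEX),
  msgid      = ProtoField.uint16("glink3.msgid", "msgid", base.HEX),
  seq        = ProtoField.uint8("glink3.seq", "seq", base.DEC),
  len        = ProtoField.uint8("glink3.len", "len", base.DEC),
  payload    = ProtoField.bytes("glink3.payLoad", "payLoad"),
  chk        = ProtoField.uint16("glink3.chk", "chk", base.HEX),
}
glink3.fields = f
-- Expert info: flag truncated/inconsistent frames instead of throwing on a bad slice.
local ef_short = ProtoExpert.new("glink3.short", "Frame shorter than header + len + chk",
                                 expert.group.MALFORMED, expert.severity.ERROR)
glink3.experts = { ef_short }
local HEADER_LEN, CHK_LEN = 12, 2
function glink3.dissector(buffer, pinfo, tree)
  pinfo.cols.protocol = "glink3.0"
  local subtree = tree:add(glink3, buffer(), "Glink3.0 Protocol Data")
  if buffer:len() < HEADER_LEN then
    subtree:add_proto_expert_info(ef_short); return
  end
  subtree:add(f.head, buffer(0, 2))
  subtree:add(f.type, buffer(2, 1))
  subtree:add(f.flag, buffer(3, 1))
  subtree:add(f.src_sys_id, buffer(4, 1))
  subtree:add(f.src_com_id, buffer(5, 1))
  subtree:add(f.des_sys_id, buffer(6, 1))
  subtree:add(f.des_com_id, buffer(7, 1))
  subtree:add(f.msgid, buffer(8, 2))
  subtree:add(f.seq, buffer(10, 1))
  subtree:add(f.len, buffer(11, 1))
  local len = buffer(11, 1):uint()
  -- Never trust the length byte: compare it with the captured bytes before slicing.
  if buffer:len() < HEADER_LEN + len + CHK_LEN then
    subtree:add_proto_expert_info(ef_short); return
  end
  if len > 0 then subtree:add(f.payload, buffer(HEADER_LEN, len)) end
  subtree:add(f.chk, buffer(HEADER_LEN + len, CHK_LEN))
end
DissectorTable.get("udp.port"):add(7894, glink3)
```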
IV. Using the Lua script
Place the script in the following path, then open the capture file in Wireshark.
Reference:
https://mika-s.github.io/wireshark/lua/dissector/2018/12/16/creating-a-wireshark-dissector-in-lua-4.html