Wireshark mailing list archives
Using wireshark as decoder / viewer for proprietary protocols?
From: Steffen Dettmer <steffen.dettmer () googlemail com>
Date: Tue, 25 Jan 2011 19:57:15 +0100
Hi,

I have a proprietary, stream-oriented transport protocol, typically used on serial links, which is difficult to "parse" by hand. The protocol has port numbers, flags and sequence numbers (similar to TCP). For TCP, wireshark offers lovely ways to view, analyze and evaluate traffic. I would like to have the same for my serial protocol.

Is wireshark suited to view, analyze and evaluate such a proprietary protocol?

I took a look at the documentation and read about dissectors. As far as I understand, essentially they could be implemented in C, Python or Lua, is that right? I'd guess a scripting language is more comfortable to use here, so I think I'd try to learn the basics of Python or Lua to write some frame decoder. Also, I think a small script file would be easier to pass around (w/o requiring to recompile/relink wireshark). Is that true?

Since my protocol usually is not used on top of TCP (but plain serial lines), I think I'd start with text2pcap with serial hex dumps, but as far as I understood the resulting pcap file is expected to include Ethernet frames, so I'd get a difficulty here?

Any comments appreciated,
Steffen
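On the pcap question raised in the post: the classic pcap global header carries a link-layer type field, and the values 147 to 162 (LINKTYPE_USER0 to USER15) are reserved for private use. The following is an added example, not part of the original message, that wraps serial reads in such a file; the dump format, sample bytes and function names are constructed for illustration.

```python
import struct

LINKTYPE_USER0 = 147  # private-use link type; no Ethernet header is implied

# Constructed sample: "<seconds> <hex bytes of one serial read>" per line.
SAMPLE_DUMP = """\
# capture from a serial tap (made-up bytes)
0.000000 01 10 00 2a 48 65 6c 6c 6f
0.012500 01 11 00 2b 4f 4b
"""

def parse_hexdump(text):
    """Return a list of (timestamp_seconds, payload_bytes) records."""
    records = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        stamp, *octets = line.split()
        records.append((float(stamp), bytes(int(o, 16) for o in octets)))
    return records

def build_pcap(records, linktype=LINKTYPE_USER0, snaplen=65535):
    """Serialize records as a little-endian classic pcap file (version 2.4)."""
    # Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0,
                                snaplen, linktype))
    for ts, payload in records:
        # Work in whole microseconds so rounding can never yield usec == 1000000
        sec, usec = divmod(round(ts * 1_000_000), 1_000_000)
        data = payload[:snaplen]
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", sec, usec, len(data), len(payload))
        out += data
    return bytes(out)

if __name__ == "__main__":
    with open("serial.pcap", "wb") as fh:
        fh.write(build_pcap(parse_hexdump(SAMPLE_DUMP)))
```

Wireshark's DLT_USER protocol preferences can then map link type 147 to the dissector written for the serial protocol.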