Wireshark mailing list archives

Re: any examples of how to hook up Lua dissector to user_dlt tree?


From: "Maynard, Christopher via Wireshark-users" <wireshark-users () wireshark org>
Date: Wed, 1 Sep 2021 02:22:13 +0000

From: Wireshark-users <wireshark-users-bounces () wireshark org> On Behalf Of Ariel Burbaickij
Sent: Monday, August 30, 2021 4:20 AM
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: [Wireshark-users] any examples of how to hook up Lua dissector to user_dlt tree?

Hello community,
I would like to write a Lua dissector for a binary, i.e. not text, proprietary protocol on top of user_dlt.
Are there any examples available which roughly show how this is done? Could you point me to them,
as I have not found much of interest yet?

In particular, what should the actual hooking look like:

local user_dlt = DissectorTable.get("user_dlt")  -- user_dlt dissector exists in Wireshark
user_dlt:add(148, my_protocol_to_be_dissected) -- my protocol uses user_dlt 148
or is it something else?
Kind Regards
Ariel Burbaickij

This is done just as for any other protocol, either by changing the Wireshark preferences or specifying the option on 
the command-line.  Assuming "Your Proprietary Protocol" = ypp and DLT=147 ...

1) Changing Wireshark preference: Edit -> Preferences... -> Protocols -> DLT_USER -> Encapsulations Table: Edit... -> 
[+] -> Select DLT 147, Payload Protocol=ypp, and set other relevant fields as needed -> OK -> OK.

        Refs:
                https://www.wireshark.org/docs/wsug_html_chunked/ChUserDLTsSection.html
                https://gitlab.com/wireshark/wireshark/-/wikis/HowToDissectAnything

2) Command-line option:
        Windows: Wireshark.exe -o "uat:user_dlts:\"User 1 (DLT=147)\",\"ypp\",\"0\",\"\",\"0\",\"\""
        *nix: wireshark -o 'uat:user_dlts:"User 1 (DLT=147)","ypp","0","","0",""'

        Refs:
                https://www.wireshark.org/docs/man-pages/wireshark.html
                https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html

I hope that helps?
- Chris
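
A minimal Lua dissector that the "ypp" payload-protocol setting above could point at, as an added example that is not part of the original thread. The three-byte header layout and the field names are assumptions made for illustration; the short name passed to Proto() is the name entered in the DLT_USER table.

```lua
-- ypp.lua: added example, not code from the thread.
-- ASSUMED frame layout (hypothetical): 1-byte type, 2-byte big-endian
-- payload length, then the payload itself.
local ypp = Proto("ypp", "Your Proprietary Protocol")

local f_type    = ProtoField.uint8("ypp.type", "Type", base.HEX)
local f_length  = ProtoField.uint16("ypp.length", "Payload length", base.DEC)
local f_payload = ProtoField.bytes("ypp.payload", "Payload")
ypp.fields = { f_type, f_length, f_payload }

local HEADER_LEN = 3

function ypp.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "YPP"
    local subtree = tree:add(ypp, tvb())

    -- Never index past the captured bytes: a short frame is flagged, not read.
    if tvb:len() < HEADER_LEN then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
            "Frame shorter than the 3-byte header")
        return
    end

    subtree:add(f_type, tvb(0, 1))
    subtree:add(f_length, tvb(1, 2))

    -- The length field comes from the wire, so clamp it to what is present
    -- instead of trusting it when building the payload range.
    local declared  = tvb(1, 2):uint()
    local available = tvb:len() - HEADER_LEN
    local shown     = math.min(declared, available)
    if shown > 0 then
        subtree:add(f_payload, tvb(HEADER_LEN, shown))
    end
    if declared ~= available then
        subtree:add_expert_info(PI_MALFORMED, PI_WARN, string.format(
            "Declared length %d, but %d payload bytes present",
            declared, available))
    end

    pinfo.cols.info = string.format("Type 0x%02x, %d payload bytes",
        tvb(0, 1):uint(), shown)
end
```

Load it with `-X lua_script:ypp.lua` (or from the personal Lua plugins folder) together with the `uat:user_dlts` option shown above, so that DLT 147 frames are handed to "ypp".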









