2

I am working on a Wireshark dissector in Lua and analyzing a custom protocol based on 802.15.4. Unfortunately, I can't figure out the correct DissectorTable name.

table = DissectorTable.get("wpan") -- wpan does not work
table:add(0, myProto) -- I'm unsure about the first argument here

Which dissector table name do I need to use to create the dissector described? And what would the first argument to the add function be?

Thanks in advance!

Edit

I figured out that I have to do it like this:

table = DissectorTable.get("wtap_encap")
table:add(104, myProto)

where 104 represents 802.15.4.

I found it by looking in Wireshark -> Internals -> Dissector Tables.

4

3 Answers

3

To add to Martin's answer, you can also use the wtap table from init.lua (which contains these integer constants), like this:

table = DissectorTable.get("wtap_encap")
table:add(wtap["IEEE802_15_4"], myProto)
table:add(wtap["IEEE802_15_4_NOFCS"], myProto)


From /usr/share/wireshark/init.lua (Windows: %PROGRAMFILES%\Wireshark\init.lua):

wtap = {
    ["UNKNOWN"] = 0,
    ["ETHERNET"] = 1,
    ["TOKEN_RING"] = 2,
    ["SLIP"] = 3,
    ["PPP"] = 4,
    ["FDDI"] = 5,
    ["FDDI_BITSWAPPED"] = 6,
    ["RAW_IP"] = 7,
    ["ARCNET"] = 8,
    ["ARCNET_LINUX"] = 9,
    ["ATM_RFC1483"] = 10,
    ["LINUX_ATM_CLIP"] = 11,
    ["LAPB"] = 12,
    ["ATM_PDUS"] = 13,
    ["ATM_PDUS_UNTRUNCATED"] = 14,
    ["NULL"] = 15,
    ["ASCEND"] = 16,
    ["ISDN"] = 17,
    ["IP_OVER_FC"] = 18,
    ["PPP_WITH_PHDR"] = 19,
    ["IEEE_802_11"] = 20,
    ["PRISM_HEADER"] = 21,
    ["IEEE_802_11_WITH_RADIO"] = 22,
    ["IEEE_802_11_WLAN_RADIOTAP"] = 23,
    ["IEEE_802_11_WLAN_AVS"] = 24,
    ["SLL"] = 25,
    ["FRELAY"] = 26,
    ["FRELAY_WITH_PHDR"] = 27,
    ["CHDLC"] = 28,
    ["CISCO_IOS"] = 29,
    ["LOCALTALK"] = 30,
    ["OLD_PFLOG"] = 31,
    ["HHDLC"] = 32,
    ["DOCSIS"] = 33,
    ["COSINE"] = 34,
    ["WFLEET_HDLC"] = 35,
    ["SDLC"] = 36,
    ["TZSP"] = 37,
    ["ENC"] = 38,
    ["PFLOG"] = 39,
    ["CHDLC_WITH_PHDR"] = 40,
    ["BLUETOOTH_H4"] = 41,
    ["MTP2"] = 42,
    ["MTP3"] = 43,
    ["IRDA"] = 44,
    ["USER0"] = 45,
    ["USER1"] = 46,
    ["USER2"] = 47,
    ["USER3"] = 48,
    ["USER4"] = 49,
    ["USER5"] = 50,
    ["USER6"] = 51,
    ["USER7"] = 52,
    ["USER8"] = 53,
    ["USER9"] = 54,
    ["USER10"] = 55,
    ["USER11"] = 56,
    ["USER12"] = 57,
    ["USER13"] = 58,
    ["USER14"] = 59,
    ["USER15"] = 60,
    ["SYMANTEC"] = 61,
    ["APPLE_IP_OVER_IEEE1394"] = 62,
    ["BACNET_MS_TP"] = 63,
    ["NETTL_RAW_ICMP"] = 64,
    ["NETTL_RAW_ICMPV6"] = 65,
    ["GPRS_LLC"] = 66,
    ["JUNIPER_ATM1"] = 67,
    ["JUNIPER_ATM2"] = 68,
    ["REDBACK"] = 69,
    ["NETTL_RAW_IP"] = 70,
    ["NETTL_ETHERNET"] = 71,
    ["NETTL_TOKEN_RING"] = 72,
    ["NETTL_FDDI"] = 73,
    ["NETTL_UNKNOWN"] = 74,
    ["MTP2_WITH_PHDR"] = 75,
    ["JUNIPER_PPPOE"] = 76,
    ["GCOM_TIE1"] = 77,
    ["GCOM_SERIAL"] = 78,
    ["NETTL_X25"] = 79,
    ["K12"] = 80,
    ["JUNIPER_MLPPP"] = 81,
    ["JUNIPER_MLFR"] = 82,
    ["JUNIPER_ETHER"] = 83,
    ["JUNIPER_PPP"] = 84,
    ["JUNIPER_FRELAY"] = 85,
    ["JUNIPER_CHDLC"] = 86,
    ["JUNIPER_GGSN"] = 87,
    ["LINUX_LAPD"] = 88,
    ["CATAPULT_DCT2000"] = 89,
    ["BER"] = 90,
    ["JUNIPER_VP"] = 91,
    ["USB"] = 92,
    ["IEEE802_16_MAC_CPS"] = 93,
    ["NETTL_RAW_TELNET"] = 94,
    ["USB_LINUX"] = 95,
    ["MPEG"] = 96,
    ["PPI"] = 97,
    ["ERF"] = 98,
    ["BLUETOOTH_H4_WITH_PHDR"] = 99,
    ["SITA"] = 100,
    ["SCCP"] = 101,
    ["BLUETOOTH_HCI"] = 102,
    ["IPMB"] = 103,
    ["IEEE802_15_4"] = 104,
    ["X2E_XORAYA"] = 105,
    ["FLEXRAY"] = 106,
    ["LIN"] = 107,
    ["MOST"] = 108,
    ["CAN20B"] = 109,
    ["LAYER1_EVENT"] = 110,
    ["X2E_SERIAL"] = 111,
    ["I2C"] = 112,
    ["IEEE802_15_4_NONASK_PHY"] = 113,
    ["TNEF"] = 114,
    ["USB_LINUX_MMAPPED"] = 115,
    ["GSM_UM"] = 116,
    ["DPNSS"] = 117,
    ["PACKETLOGGER"] = 118,
    ["NSTRACE_1_0"] = 119,
    ["NSTRACE_2_0"] = 120,
    ["FIBRE_CHANNEL_FC2"] = 121,
    ["FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS"] = 122,
    ["JPEG_JFIF"] = 123,
    ["IPNET"] = 124,
    ["SOCKETCAN"] = 125,
    ["IEEE802_11_NETMON_RADIO"] = 126,
    ["IEEE802_15_4_NOFCS"] = 127,
    ["RAW_IPFIX"] = 128,
    ["RAW_IP4"] = 129,
    ["RAW_IP6"] = 130,
    ["LAPD"] = 131,
    ["DVBCI"] = 132,
    ["MUX27010"] = 133,
    ["MIME"] = 134,
    ["NETANALYZER"] = 135,
    ["NETANALYZER_TRANSPARENT"] = 136,
    ["IP_OVER_IB"] = 137
}
answered 2012-02-09T02:49:12.057
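As an added example (not code from the question or from either answer, and not Wireshark's own code): a complete Lua script that takes over the IEEE 802.15.4 link layer by registering in "wtap_encap" for both encapsulation types from the table above. Because this replaces Wireshark's built-in 802.15.4 dissector, the script has to decode the MAC header itself before it can reach the custom payload. The protocol name "myproto", the second Proto for the no-FCS encapsulation, and the payload format (records of 1-byte type, 1-byte length, data) are assumptions made for this illustration.

```lua
local my_proto       = Proto("myproto", "My 802.15.4-based protocol (with FCS)")
local my_proto_nofcs = Proto("myproto_nofcs", "My 802.15.4-based protocol (no FCS)")
local frame_types = { [0] = "Beacon", [1] = "Data", [2] = "Ack", [3] = "MAC command" }
local addr_modes  = { [0] = "None", [1] = "Reserved", [2] = "Short (16-bit)", [3] = "Extended (64-bit)" }

-- 802.15.4 frame control field: 2 bytes, little-endian on the wire
local pf_fcf     = ProtoField.uint16("myproto.fcf", "Frame Control", base.HEX)
local pf_ftype   = ProtoField.uint16("myproto.fcf.type", "Frame Type", base.DEC, frame_types, 0x0007)
local pf_sec     = ProtoField.bool("myproto.fcf.security", "Security Enabled", 16, nil, 0x0008)
local pf_pancomp = ProtoField.bool("myproto.fcf.panid_compression", "PAN ID Compression", 16, nil, 0x0040)
local pf_dstmode = ProtoField.uint16("myproto.fcf.dst_addr_mode", "Dest Addressing Mode", base.DEC, addr_modes, 0x0C00)
local pf_srcmode = ProtoField.uint16("myproto.fcf.src_addr_mode", "Src Addressing Mode", base.DEC, addr_modes, 0xC000)
local pf_seq     = ProtoField.uint8("myproto.seq", "Sequence Number", base.DEC)
local pf_dstpan  = ProtoField.uint16("myproto.dst_pan", "Destination PAN", base.HEX)
local pf_dstaddr = ProtoField.bytes("myproto.dst_addr", "Destination Address")
local pf_srcpan  = ProtoField.uint16("myproto.src_pan", "Source PAN", base.HEX)
local pf_srcaddr = ProtoField.bytes("myproto.src_addr", "Source Address")
local pf_rtype   = ProtoField.uint8("myproto.rec.type", "Record Type", base.HEX)
local pf_rlen    = ProtoField.uint8("myproto.rec.len", "Record Length", base.DEC)
local pf_rdata   = ProtoField.bytes("myproto.rec.data", "Record Data")
local pf_fcs     = ProtoField.uint16("myproto.fcs", "FCS", base.HEX)
my_proto.fields = { pf_fcf, pf_ftype, pf_sec, pf_pancomp, pf_dstmode, pf_srcmode, pf_seq, pf_dstpan,
                    pf_dstaddr, pf_srcpan, pf_srcaddr, pf_rtype, pf_rlen, pf_rdata, pf_fcs }
local data_dis = Dissector.get("data")

local function addr_len(mode)  -- address bytes implied by an addressing mode
    if mode == 2 then return 2 elseif mode == 3 then return 8 else return 0 end
end

-- Assumed payload: a sequence of (type, length, data) records. A record whose
-- declared length runs past the buffer is flagged and ends the loop; nothing is
-- ever read past the end of the tvb.
local function dissect_records(tvb, tree)
    local off = 0
    while off + 2 <= tvb:len() do
        local rlen  = tvb(off + 1, 1):uint()
        local avail = math.min(2 + rlen, tvb:len() - off)
        local rec = tree:add(my_proto, tvb(off, avail), string.format("Record type 0x%02x", tvb(off, 1):uint()))
        rec:add(pf_rtype, tvb(off, 1))
        rec:add(pf_rlen, tvb(off + 1, 1))
        if avail < 2 + rlen then rec:append_text(" [truncated]"); break end
        if rlen > 0 then rec:add(pf_rdata, tvb(off + 2, rlen)) end
        off = off + 2 + rlen
    end
end

local function dissect_frame(tvb, pinfo, tree, has_fcs)
    pinfo.cols.protocol = "MYPROTO"
    local top = tree:add(my_proto, tvb(), "My 802.15.4-based protocol")
    local fcs_len = has_fcs and 2 or 0
    if tvb:len() < 3 + fcs_len then top:append_text(" [frame too short]"); return 0 end

    -- Split the FCF with plain arithmetic so this runs on any Lua version
    -- Wireshark has shipped (no dependency on the `bit` library).
    local fcf      = tvb(0, 2):le_uint()
    local ftype    = fcf % 8
    local secured  = math.floor(fcf / 8) % 2 == 1
    local pan_comp = math.floor(fcf / 64) % 2 == 1
    local dst_mode = math.floor(fcf / 1024) % 4
    local src_mode = math.floor(fcf / 16384) % 4
    local fcf_tree = top:add_le(pf_fcf, tvb(0, 2))
    for _, pf in ipairs({ pf_ftype, pf_sec, pf_pancomp, pf_dstmode, pf_srcmode }) do
        fcf_tree:add_le(pf, tvb(0, 2))
    end
    top:add(pf_seq, tvb(2, 1))
    pinfo.cols.info = string.format("%s, seq %d", frame_types[ftype], tvb(2, 1):uint())

    -- Compute the whole header length before touching any address byte.
    local hdr_len = 3
    if dst_mode ~= 0 then hdr_len = hdr_len + 2 + addr_len(dst_mode) end
    if src_mode ~= 0 then hdr_len = hdr_len + (pan_comp and 0 or 2) + addr_len(src_mode) end
    if tvb:len() < hdr_len + fcs_len then top:append_text(" [truncated MAC header]"); return 0 end

    local off = 3
    if dst_mode ~= 0 then
        top:add_le(pf_dstpan, tvb(off, 2));                 off = off + 2
        top:add(pf_dstaddr, tvb(off, addr_len(dst_mode)));  off = off + addr_len(dst_mode)
    end
    if src_mode ~= 0 then
        if not pan_comp then top:add_le(pf_srcpan, tvb(off, 2)); off = off + 2 end
        top:add(pf_srcaddr, tvb(off, addr_len(src_mode)));  off = off + addr_len(src_mode)
    end

    local payload = tvb(off, tvb:len() - off - fcs_len):tvb()
    if ftype == 1 and not secured then
        dissect_records(payload, top)
    else
        -- Beacons, ACKs, MAC commands and secured data frames (auxiliary security
        -- header + encrypted payload) are not our plaintext format: show raw bytes
        -- rather than mis-parse ciphertext as records.
        data_dis:call(payload, pinfo, top)
    end
    if has_fcs then top:add_le(pf_fcs, tvb(tvb:len() - 2, 2)) end
    return tvb:len()
end

function my_proto.dissector(tvb, pinfo, tree)       return dissect_frame(tvb, pinfo, tree, true)  end
function my_proto_nofcs.dissector(tvb, pinfo, tree) return dissect_frame(tvb, pinfo, tree, false) end

-- 104 and 127 are wtap["IEEE802_15_4"] and wtap["IEEE802_15_4_NOFCS"] in the
-- init.lua table above; the numbers are used so nothing depends on that name.
local wtap_encap = DissectorTable.get("wtap_encap")
wtap_encap:add(104, my_proto)         -- capture includes the 2-byte FCS
wtap_encap:add(127, my_proto_nofcs)   -- FCS already stripped by the capture tool
```

Two Proto objects are used because a dissector reached through "wtap_encap" is not told which encapsulation it was called for, and the with-FCS and no-FCS variants differ in where the payload ends. The header length is computed from the FCF before any address field is added so that a short or malicious frame produces a "[truncated MAC header]" marker instead of a Lua range error, and secured frames are deliberately not parsed as plaintext.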
2

If your protocol is built on top of 802.15.4 and uses normal 802.15.4 data packets, there is a better way to do this. The answers above completely replace the 802.15.4 dissector with your custom dissector. However, the 802.15.4 dissector exposes the dissection of data packet payloads through a dissector table named "wpan.panid". The "pattern" passed in is the PAN ID for which this dissector should be used (which doesn't really make sense, since 802.15.4 PAN IDs aren't assigned, but fine).

local foo = Proto("foo", "Foo dissector")

-- Register as the dissector for panid 3. Will be automatically
-- called for packets with panid 3 (picking a panid is mandatory,
-- see https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10696).
-- Can additionally be manually selected using the "Decode as..."
-- option. Kept in a local so Lua's standard `table` library is not
-- overwritten.
local panid_table = DissectorTable.get("wpan.panid")
panid_table:add(3, foo)

Alternatively, you can register a heuristic dissector in the "wpan" table, which is called for every 802.15.4 payload packet. Similarly, there is a "wpan.beacon" table that is called for beacon packets.

function dissector(tvb, pinfo, tree)
    -- Do stuff here. As a heuristic this must return true when the
    -- packet was recognised as ours and false otherwise.
    return false
end
foo.dissector = dissector

-- Register as a heuristic dissector, that gets called for all wpan
-- packets. We'd want to pass foo.dissector here, but it turns out
-- register_heuristic needs an actual function. Passing a lambda
-- doesn't work (since calling foo.dissector(...) discards the
-- return value), so instead we define the dissector function in two
-- steps above, so we can directly access the real function here.
-- See also https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10695
foo:register_heuristic("wpan", dissector)

The relevant sources for this are:

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-ieee802154.c;h=6051c84e971a629dc482722f265bb75f83b15259;hb=54aea456331825be6f802edec510e4cb2e6cc34a
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-ieee802154.c;h=6051c84e971a629dc482722f265bb75f83b15259;hb=54aea456331825be6f802edec510e4cb2e6cc34a#l1085
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-ieee802154.h;h=02acfd555f1154a469b4e74add2e0e9d04d6c81d;hb=54aea456331825be6f802edec510e4cb2e6cc34a#l29

answered 2014-11-12T19:32:21.640
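As an added example (not part of the answer above and not Wireshark project code): a payload-level dissector that layers on top of Wireshark's built-in 802.15.4 dissector through both mechanisms the answer describes, the "wpan.panid" table and the "wpan" heuristic list. The wire format of "foo" (2-byte magic "FO", 1-byte version, 1-byte message type, 2-byte little-endian counter, then data) and PAN ID 3 are assumptions made for this illustration.

```lua
local foo = Proto("foo", "Foo over 802.15.4")
local msg_types = { [1] = "Hello", [2] = "Data", [3] = "Ack" }

local pf_magic   = ProtoField.string("foo.magic", "Magic")
local pf_version = ProtoField.uint8("foo.version", "Version", base.DEC)
local pf_type    = ProtoField.uint8("foo.type", "Message Type", base.DEC, msg_types)
local pf_counter = ProtoField.uint16("foo.counter", "Counter", base.DEC)
local pf_data    = ProtoField.bytes("foo.data", "Data")
foo.fields = { pf_magic, pf_version, pf_type, pf_counter, pf_data }

local FOO_HDR_LEN = 6     -- assumed header size
local FOO_MAGIC   = "FO"  -- assumed magic bytes

-- Cheap validity check shared by both registration paths: header present,
-- magic matches, version known. Reads the tvb only; never touches the tree.
local function looks_like_foo(tvb)
    if tvb:len() < FOO_HDR_LEN then return false end
    if tvb(0, 2):string() ~= FOO_MAGIC then return false end
    return tvb(2, 1):uint() == 1
end

-- Full dissection of a validated payload. Returns bytes consumed.
local function dissect_foo(tvb, pinfo, tree)
    pinfo.cols.protocol = "FOO"
    local t = tree:add(foo, tvb(), "Foo over 802.15.4")
    t:add(pf_magic, tvb(0, 2))
    t:add(pf_version, tvb(2, 1))
    t:add(pf_type, tvb(3, 1))
    t:add_le(pf_counter, tvb(4, 2))   -- counter is little-endian on the wire
    local mtype = tvb(3, 1):uint()
    pinfo.cols.info = string.format("Foo %s counter=%d",
        msg_types[mtype] or ("type " .. mtype), tvb(4, 2):le_uint())
    if tvb:len() > FOO_HDR_LEN then
        t:add(pf_data, tvb(FOO_HDR_LEN))   -- everything after the header
    end
    return tvb:len()
end

-- 1) Deterministic path: selected by PAN ID (also offered under "Decode As...").
--    The header is still validated, so a stray frame on PAN 3 that is not Foo
--    is handed back (0 bytes consumed) instead of being mis-parsed.
function foo.dissector(tvb, pinfo, tree)
    if not looks_like_foo(tvb) then return 0 end
    return dissect_foo(tvb, pinfo, tree)
end

-- A local name is used on purpose: assigning to the global `table`, as in
-- the snippets above, silently replaces Lua's standard table library.
local panid_table = DissectorTable.get("wpan.panid")
panid_table:add(3, foo)

-- 2) Heuristic path: tried for every 802.15.4 data payload regardless of PAN ID.
--    A heuristic must return a boolean, true only after it has positively
--    identified the packet, and it must not add to the tree before deciding,
--    otherwise a rejected guess leaves junk in the decode of someone else's frame.
local function foo_heuristic(tvb, pinfo, tree)
    if not looks_like_foo(tvb) then return false end
    dissect_foo(tvb, pinfo, tree)
    return true
end

foo:register_heuristic("wpan", foo_heuristic)
```

The two registrations share one validation routine, so the behaviour is the same whether a frame arrives via the PAN ID table, via "Decode As...", or via the heuristic list: anything that does not carry the expected header is left to Wireshark's default handling rather than decoded on faith.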
0

To close this out, the final solution for me looks like this:

table = DissectorTable.get("wtap_encap")
table:add(104, myProto)
table:add(127, myProto)

where 104 and 127 represent 802.15.4 (see Wireshark -> Internals -> Dissector Tables).

answered 2012-02-08T18:42:54.457