Created
August 13, 2015 15:22
-
-
Save Mons/df4973e2faba433c90bd to your computer and use it in GitHub Desktop.
IProto wireshark
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local iproto_proto = Proto("iproto", "iproto protocol") | |
| function iproto_proto.dissector(buffer, pinfo, tree) | |
| pinfo.cols.protocol = "IPROTO" | |
| local iprotree = tree:add(iproto_proto, buffer(), "IPROTO") | |
| local buffer_len = buffer:len() | |
| local offset = 0 | |
| while offset < buffer_len do | |
| local len = buffer((offset + 4), 4):le_uint() | |
| local sync = buffer((offset+8), 4):le_uint() | |
| local subtree = iprotree:add(iproto_proto, buffer(), "packet " .. sync) | |
| subtree:add(buffer(offset, 4), "msg: " ..buffer(offset, 4):le_uint()) | |
| subtree:add(buffer((offset+4), 4), "len: " .. len) | |
| subtree:add(buffer((offset+8), 4), "sync: " .. sync) | |
| subtree:add(buffer((offset+12), len), "data: " .. buffer((offset+12), len)) | |
| offset = offset + 12 + len | |
| end | |
| end | |
| tcp_table = DissectorTable.get("tcp.port") | |
| tcp_table:add(11311, iproto_proto) | |
| -- (c) Maxim Andreev |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment