Created
September 3, 2022 14:31
-
-
Save brainstorm/32d91ceccc824b4153b8c29a70c86ced to your computer and use it in GitHub Desktop.
Wireshark EPSON USB printer dissector
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| usb_printer_epson_protocol = Proto("USB_PRINTER_EPSON", "USB printer EPSON") | |
| local printjob_payload = ProtoField.none("usb_printer_epson.payload", "Payload", base.HEX) | |
| usb_printer_epson_protocol.fields = { printjob_payload } | |
| function usb_printer_epson_protocol.dissector(buffer, pinfo, tree) | |
| length = buffer:len() | |
| --- We are only interested on the 16KB BULK transfers as they contain the PDF being sent? | |
| if length < 10000 then return end | |
| pinfo.cols.protocol = usb_printer_epson_protocol.name | |
| local subtree = tree:add(usb_printer_epson_protocol, buffer(), "USB Printer EPSON") | |
| subtree:add_le(printjob_payload, buffer(0,length)) | |
| end | |
| DissectorTable.get("usb.bulk"):add(0xffff, usb_printer_epson_protocol) |
FTDI FT dissector is pretty good: https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-ftdi-ft.c
But has some minor flaws when dissecting the actual payload (i.e 01 00 from a USB dongle serial transfer gets interpreted as line status when in reality is part of the payload).
Also, don't fall for the "ifconfig: interface XHC20 does not exist" error when running ifconfig up, see: https://apple.stackexchange.com/a/462852/406377
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://twitter.com/braincode/status/1566044441822908416
https://mika-s.github.io/wireshark/lua/dissector/2017/11/04/creating-a-wireshark-dissector-in-lua-1.html
TL;DR: Drop lua dissector(s) in
/Users/rvalls/.local/lib/wireshark/plugins