KUKAVARPROXY Wireshark Interpreter/Disector - Copy to C:\Program Files\Wireshark\plugins\2.6

KVPdisector.lua

kvp_protocol = Proto("KVP",  "KUKAVARPROXY Protocol")

type = ProtoField.string("kvp.type", "TYPE", base.STRING)
reqID = ProtoField.int32("kvp.reqID", "REQ ID", base.DEC)
reqLen = ProtoField.int32("kvp.reqLen", "REQ LEN", base.DEC)
method = ProtoField.int32("kvp.method", "METHOD", base.DEC)
varNameLen = ProtoField.int32("kvp.varNameLen", "VAR LEN", base.DEC)
varName = ProtoField.string("kvp.varName", "VAR NAME", base.STRING)
valueLen = ProtoField.int32("kvp.valueLen", "VALUE LEN", base.DEC)
value = ProtoField.string("kvp.value", "VALUE CHARS", base.STRING)


kvp_protocol.fields = {reqID, reqLen, method, varNameLen, varName, valueLen, value}

function kvp_protocol.dissector(buffer, pinfo, tree)
  length = buffer:len()
  if length == 0 then return end

  pinfo.cols.protocol = kvp_protocol.name

  local subtree = tree:add(kvp_protocol, buffer(), "KUKAVARPROXY Protocol")
  isResponse = (length == 7 + buffer(5,2):uint() + 3)

  subtree:add(type, isResponse and "[Response]" or "[Request]")
  subtree:add(reqID, buffer(0,2))
  subtree:add(reqLen, buffer(2,2))
  readWrite = (buffer(4,1):uint() == 1) and " (write)" or " (read)"
  subtree:add(method, buffer(4,1)):append_text(readWrite)


  if isResponse then -- read or write response 3(trailer)
    -- is response
    subtree:add(valueLen, buffer(5,2))
    subtree:add(value, buffer(7,buffer(5,2):uint()))
  else
    -- is request
    subtree:add(varNameLen, buffer(5,2))
    subtree:add(varName, buffer(7,buffer(5,2):uint()))

    if buffer(4,1):uint() == 1 then -- write
      valueStart = buffer(5,2):uint() + 7
      subtree:add(valueLen, buffer(valueStart,2))
      valueLength = buffer(valueStart,2):uint()
      subtree:add(value, buffer(valueStart+2, valueLength))
    end
  end



end

local tcp_port = DissectorTable.get("tcp.port")
tcp_port:add(7000, kvp_protocol)