Created
April 27, 2019 18:01
-
-
Save rymdolle/0b65bc1b3dcefd8ae55415d3aec1015f to your computer and use it in GitHub Desktop.
Wireshark plugin for dissecting mumble protocol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- mumble protocol | |
| mumble_proto = Proto("mumble", "Mumble Protocol") | |
| local f_type = ProtoField.string("mumble.type", "type") | |
| local f_length = ProtoField.uint32("mumble.length", "length", base.DEC) | |
| local f_data = ProtoField.bytes("mumble.data", "data") | |
| local HEADER_SIZE = 6 | |
| mumble_proto.fields = { | |
| f_type, | |
| f_length, | |
| f_data, | |
| } | |
| function mumble_proto.dissector(buffer, pinfo, tree) | |
| pinfo.cols.protocol = mumble_proto.name | |
| pinfo.cols.info:set(mumble_proto.name) | |
| dissect_tcp_pdus(buffer, tree, HEADER_SIZE, get_length, get_pdu) | |
| end | |
| function get_length(buffer, pinfo, offset) | |
| return buffer(offset+2, 4):uint() + HEADER_SIZE | |
| end | |
| function get_pdu(buffer, pinfo, tree) | |
| local subtree = tree:add(mumble_proto, buffer(), "Mumble Protocol Data") | |
| local packet_type = get_type(buffer(0,2):uint()) | |
| local length = buffer(2, 4):uint() | |
| subtree:add(f_type, buffer(0, 2), packet_type) | |
| subtree:add(f_length, buffer(2, 4), length) | |
| subtree:add(f_data, buffer(HEADER_SIZE, buffer:len() - HEADER_SIZE)) | |
| pinfo.cols.info:append(" " .. packet_type) | |
| return length | |
| end | |
| function get_type(t) | |
| if t == 0 then return "Version" | |
| elseif t == 1 then return "UDPTunnel" | |
| elseif t == 2 then return "Authenticate" | |
| elseif t == 3 then return "Ping" | |
| elseif t == 4 then return "Reject" | |
| elseif t == 5 then return "ServerSync" | |
| elseif t == 6 then return "ChannelRemove" | |
| elseif t == 7 then return "ChannelState" | |
| elseif t == 8 then return "UserRemove" | |
| elseif t == 9 then return "UserState" | |
| elseif t == 10 then return "BanList" | |
| elseif t == 11 then return "TextMessage" | |
| elseif t == 12 then return "PermissionDenied" | |
| elseif t == 13 then return "ACL" | |
| elseif t == 14 then return "QueryUsers" | |
| elseif t == 15 then return "CryptSetup" | |
| elseif t == 16 then return "ContextActionModify" | |
| elseif t == 17 then return "ContextAction" | |
| elseif t == 18 then return "UserList" | |
| elseif t == 19 then return "VoiceTarget" | |
| elseif t == 20 then return "PermissionQuery" | |
| elseif t == 21 then return "CodecVersion" | |
| elseif t == 22 then return "UserStats" | |
| elseif t == 23 then return "RequestBlob" | |
| elseif t == 24 then return "ServerConfig" | |
| elseif t == 25 then return "SuggestConfig" | |
| else return "Unknown" | |
| end | |
| end | |
| tcp_table = DissectorTable.get("tcp.port") | |
| tcp_table:add(64738, mumble_proto) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment