I am trying to look for a way to write a wireshark dissector. The problem is that I do not find a lot of documentation of how to do so, which is very weird for me.
I installed Lua54 and I am writing it in Visual Studio code with the main Lua extension. The Lua basic runs nicely (like creating a function or adding two numbers).
However, when I am following a certain documentation of how to build a Wireshark dissector, I cannot test nor run it locally, and moreover there is no autocompletion, so I have no idea what attribute I can access or what functions I can run... (such as for the Proto class).
I've read somewhere that you need to run the script with the tshark -X command; however, it initializes a sniff and I don't want to test it like that. I want to test it by giving it bytes and seeing if it detects the protocol by going inside the data attribute of a TCP packet and parses it accordingly (kind of like how struct or construct work in Python).
The documentation I am following:
The problem is that when I initiate the "Proto" class it does not detect it and retrieves an exception of some "Global 'Proto' is undefined"
What are the steps of writing, executing and testing a Lua dissector for wireshark? I cannot seem to find a basic guide, nor a guide to set up all the necessary programs.
Searching on Google, I expected much greater explanations.
Running it by myself, I expected it to work, but it threw an exception.
Following a guide I added in the main question, I expected it to run properly, but it did not...
You might want to start by reading/referencing sections 10 (Lua Support in Wireshark) and 11 (Wireshark’s Lua API Reference Manual) in the Wireshark Developer's Guide. After that, you may want to reference the Wireshark Lua Wiki Page for additional help and resources, including Examples and user Contributions.
You may also find the example foo.lua dissector I wrote and shared on the wireshark-dev mailing list a few years ago of some help. I included a sample foo.pcap file for testing it as well.
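To make the workflow concrete, here is a small TCP dissector written as an added example for this thread; it is not the foo.lua from the answer above and not code from the Wireshark project. The protocol it parses ("FooEx": a 2-byte magic 0xF00D, a 1-byte message type, a 2-byte big-endian payload length, then the payload, on TCP port 7777) is invented for the example, as are all the `fooex.*` field names. The one point that explains the "Global 'Proto' is undefined" error: `Proto`, `ProtoField`, `DissectorTable` and friends are injected by Wireshark's embedded Lua interpreter, so the script can only run inside Wireshark or tshark, never under a standalone `lua` binary.

```lua
-- fooex.lua: hypothetical "FooEx" protocol over TCP (constructed for this example).
-- Run with:  tshark -X lua_script:fooex.lua -r capture.pcap -V
-- or drop the file into the Wireshark personal plugins directory and reload Lua.

local fooex = Proto("fooex", "FooEx example protocol")

-- Declared fields become usable as display filters, e.g. fooex.type == 2
local f_magic = ProtoField.uint16("fooex.magic", "Magic",          base.HEX)
local f_type  = ProtoField.uint8 ("fooex.type",  "Message type",   base.DEC)
local f_len   = ProtoField.uint16("fooex.len",   "Payload length", base.DEC)
local f_data  = ProtoField.bytes ("fooex.data",  "Payload")
fooex.fields = { f_magic, f_type, f_len, f_data }

local FOO_MAGIC = 0xF00D
local HDR_LEN   = 5          -- magic(2) + type(1) + len(2)
local FOO_PORT  = 7777       -- assumed port for the example protocol

local msg_types = { [1] = "HELLO", [2] = "DATA", [3] = "BYE" }

-- buffer: Tvb with the TCP payload; pinfo: packet info; tree: the detail tree.
-- Returning 0 tells Wireshark the bytes are not ours; returning nothing (nil)
-- after setting pinfo.desegment_len asks TCP to hand us more reassembled data.
function fooex.dissector(buffer, pinfo, tree)
    local len = buffer:len()

    -- Edge case 1: header split across TCP segments -> ask for at least one more.
    if len < HDR_LEN then
        pinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
        return
    end

    -- Edge case 2: wrong magic -> refuse, so other dissectors can try.
    if buffer(0, 2):uint() ~= FOO_MAGIC then
        return 0
    end

    local payload_len = buffer(3, 2):uint()
    local total       = HDR_LEN + payload_len

    -- Edge case 3: body not fully arrived -> request exactly the missing bytes.
    if len < total then
        pinfo.desegment_offset = 0
        pinfo.desegment_len    = total - len
        return
    end

    pinfo.cols.protocol = fooex.name
    local subtree = tree:add(fooex, buffer(0, total), "FooEx Protocol")
    subtree:add(f_magic, buffer(0, 2))

    local mtype = buffer(2, 1):uint()
    local tname = msg_types[mtype] or "unknown"
    subtree:add(f_type, buffer(2, 1)):append_text(" (" .. tname .. ")")
    subtree:add(f_len, buffer(3, 2))
    if payload_len > 0 then
        subtree:add(f_data, buffer(HDR_LEN, payload_len))
    end

    pinfo.cols.info = "FooEx " .. tname .. " len=" .. payload_len
    return total
end

-- Hook the dissector up: any TCP segment to/from port 7777 is handed to us.
DissectorTable.get("tcp.port"):add(FOO_PORT, fooex)
```

To test without sniffing live traffic, feed tshark a capture file with `-r` rather than an interface; `-X lua_script:` only loads the script, it is `-i` that starts a capture. If you do not have a capture yet, the Wireshark `text2pcap` tool can wrap a hex dump in dummy Ethernet/IP/TCP headers (`text2pcap -T 40000,7777 dump.txt fooex.pcap`, where `dump.txt` holds lines such as `000000 f0 0d 02 00 03 41 42 43`), which gives you the "hand it some bytes" style of test the question asks for. Unknown API members are best looked up in section 11 of the Developer's Guide referenced above, since no editor autocompletion knows about Wireshark's Lua globals.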