Created
November 9, 2011 01:42
-
-
Save eliotb/1350043 to your computer and use it in GitHub Desktop.
Wireshark CobraNet dissector as lua plugin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Wireshark dissector for CobraNet protocol (ethertype == 0x8819) | |
| -- Note that this is incomplete. Shows PDU type and version, plus | |
| -- some known fields from Reservation PDU | |
| -- | |
| -- Eliot Blennerhassett <[email protected]> | |
| do | |
| -- Create a new dissector | |
| COBRANET = Proto ("cobranet", "CobraNet") | |
| local cobranet_ethertype = 0x8819 | |
| -- Create the protocol fields | |
| local pdus= {[0]="Beat", [1]="Reservation", [0x10]="Audio"} | |
| local f = COBRANET.fields | |
| f.pdu = ProtoField.uint8 ("cobranet.pdu", "PDU Type", nil, pdus) | |
| f.version = ProtoField.uint8 ("cobranet.version", "Version") | |
| f.res_ip = ProtoField.ipv4 ("cobranet.res_ip", "IP address") | |
| f.tx_bundles = ProtoField.string("cobranet.tx_bundles") | |
| f.tx_bundle = ProtoField.bytes ("cobranet.tx_bundle", "Tx Bundle") | |
| f.tx_bundle_num = ProtoField.uint16 ("cobranet.tx_bundle_num", "Tx Bundle Num") | |
| f.rx_bundles = ProtoField.string("cobranet.rx_bundles") | |
| f.rx_bundle = ProtoField.bytes ("cobranet.rx_bundle", "Rx Bundle") | |
| f.rx_bundle_num = ProtoField.uint16 ("cobranet.rx_bundle_num", "Rx Bundle Num") | |
| f.unknown = ProtoField.bytes ("cobranet.unknown", "Unknown") | |
| f.the_rest = ProtoField.bytes ("cobranet.the_rest", "The Rest") | |
| function tx_bundle(buffer, subtree, n) | |
| local tx = subtree:add_le(f.tx_bundle_num, buffer(16 + 2 + n * 6, 2)) | |
| tx:add(f.tx_bundle, buffer(16 + n * 6, 6)) | |
| end | |
| function tx_bundles(buffer, subtree) | |
| local n | |
| local tx_tree = subtree:add(f.tx_bundles) | |
| tx_tree:set_text("Tx Bundles") | |
| for n = 0, 3, 1 do | |
| tx_bundle(buffer, tx_tree, n) | |
| end | |
| end | |
| function rx_bundle(buffer, subtree, n) | |
| local rx = subtree:add_le(f.rx_bundle_num, buffer(42 + 2 + n * 10, 2)) | |
| rx:add(f.rx_bundle, buffer(42 + n * 10, 10)) | |
| end | |
| function rx_bundles(buffer, subtree) | |
| local n | |
| local rx_tree = subtree:add(f.rx_bundles) | |
| rx_tree:set_text("Rx Bundles") | |
| for n = 0, 7, 1 do | |
| rx_bundle(buffer, rx_tree, n) | |
| end | |
| end | |
| -- The dissector function | |
| function COBRANET.dissector (buffer, packet, tree) | |
| -- Adding fields to the tree | |
| local subtree = tree:add (COBRANET, buffer()) | |
| local offset = 0 | |
| local n | |
| local pdu_buf= buffer (0, 1) | |
| local pdu = pdu_buf:uint() | |
| packet.cols.protocol:set("CobraNet") | |
| packet.cols.info:set(pdus[pdu]) | |
| subtree:add (f.pdu, pdu_buf) | |
| subtree:add (f.version, buffer (1, 1)) | |
| offset = 2 | |
| if pdu == 1 then | |
| subtree:add(f.unknown, buffer(2, 8)) | |
| subtree:add(f.res_ip, buffer(10, 4)) | |
| subtree:add(f.unknown, buffer(14, 2)) | |
| tx_bundles(buffer, subtree) | |
| subtree:add(f.unknown, buffer(40, 2)) | |
| rx_bundles(buffer, subtree) | |
| offset = 122 | |
| end | |
| subtree:add (f.the_rest, buffer(offset)) | |
| end | |
| ether_table = DissectorTable.get ("ethertype") | |
| ether_table:add (cobranet_ethertype, COBRANET) | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment