wireshark协议解析插件【LUA】示例

此文章参考:

http://www.cnblogs.com/zzqcn/p/4840589.html

这里简单的贴出两份代码,更多详细资料请参考上面文章。

C语言代码:

#include <WinSock2.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#pragma comment(lib, "ws2_32.lib")

#define  UDP_PORT_FOO  9877

/*
 * On-wire layout of one Foo datagram. main() sends the struct as-is with
 * sizeof(proto_foo), so the member order and sizes ARE the protocol.
 * Each member is naturally aligned (1+1+2+4), so the struct is expected to be
 * 8 bytes with no padding - the same 1/1/2/4 byte slices the Lua dissector
 * below reads.
 */
struct proto_foo
{
    UINT8  type;    /* message type; main() fills 1..3 */
    UINT8  flags;   /* main() fills 1, 2 or 4 (a drawn 3 is remapped to 4) */
    UINT16 seqno;   /* sequence number, stored in network byte order via htons() */
    UINT32 ipaddr;  /* raw IPv4 address; main() writes 0x04030201, i.e. bytes 01 02 03 04 on a little-endian host */
};

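/*
 * Foo protocol sender (Windows/Winsock; compiled as C++ since proto_foo is
 * used without the struct tag).
 *
 * Builds one proto_foo datagram per second and sends it over UDP to port
 * UDP_PORT_FOO on the host given as argv[1] (dotted quad), or to a built-in
 * default host when no argument is supplied. Loops until sendto() fails.
 *
 * Returns 0 when the send loop ends on a sendto() error, 1 when setup
 * (Winsock init, socket creation, destination address) fails.
 */
int main(int argc, char** argv)
{
    int ret;
    SOCKET sockfd;
    SOCKADDR_IN addr;
    proto_foo data;
    INT16 seq = 1;

    /* Winsock 2.2 must be initialised before any socket call. */
    WORD dwVersion = MAKEWORD(2, 2);
    WSAData wsaData;
    if(WSAStartup(dwVersion, &wsaData) != 0)
    {
        printf("WSAStartup error\n");
        return 1;
    }

    sockfd = socket(AF_INET, SOCK_DGRAM, 0);
    if(INVALID_SOCKET == sockfd)
    {
        printf("socket error\n");
        WSACleanup();
        return 1;
    }

    /* Zero the whole sockaddr so sin_zero does not carry stack garbage. */
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(UDP_PORT_FOO);

    if(argc < 2)
    {
        /* The default destination is a public host; pass a lab address on
         * the command line when testing. */
        printf("will send to 220.181.57.217\n");
        addr.sin_addr.s_addr = inet_addr("220.181.57.217");
    }
    else
        addr.sin_addr.s_addr = inet_addr(argv[1]);

    /* inet_addr() yields INADDR_NONE for an unparsable address; refuse to
     * send to it (this also rejects 255.255.255.255, which is fine here). */
    if(INADDR_NONE == addr.sin_addr.s_addr)
    {
        printf("invalid destination address\n");
        closesocket(sockfd);
        WSACleanup();
        return 1;
    }

    /* Seed once. Reseeding from time(NULL) on every iteration would repeat
     * the same rand() sequence for any two sends within the same second. */
    srand((unsigned int)time(NULL));

    /* Constant payload address; on a little-endian host this leaves as bytes
     * 01 02 03 04, which the ipv4 field in the dissector shows as 1.2.3.4. */
    data.ipaddr = 0x04030201;
    for(;;)
    {
        data.type = rand() % 3 + 1;        /* 1..3 */
        data.flags = rand() % 4 + 1;       /* 1..4, then 3 is folded into 4 */
        if(data.flags == 3)
            data.flags = 4;
        data.seqno = htons(seq++);         /* network byte order, as the dissector expects */

        ret = sendto(sockfd, (const char*)&data, sizeof(proto_foo), 0,
            (SOCKADDR*)&addr, sizeof(addr));
        if(SOCKET_ERROR == ret)
        {
            printf("sendto error\n");
            break;
        }
        Sleep(1000);
    }
    closesocket(sockfd);
    WSACleanup();

    return 0;
}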

LUA插件代码:

-- @brief Foo Protocol dissector plugin
-- @author zzq
-- @date 2015.08.12

-- create a new dissector
-- create a new dissector
-- NAME doubles as the abbreviation prefix of every field ("foo.type", ...);
-- PORT is the UDP port the sender uses (UDP_PORT_FOO in the C program).
local NAME, PORT = "foo", 9877
local foo = Proto(NAME, "Foo Protocol")


-- dissect packet
-- dissect packet
-- Placeholder so the Proto can be registered right away; the real
-- implementation is assigned to foo.dissector further down in this file.
foo.dissector = function (tvb, pinfo, tree)
end

-- register this dissector
-- register this dissector: every UDP datagram to/from PORT is handed to foo
local udp_port_table = DissectorTable.get("udp.port")
udp_port_table:add(PORT, foo)


-- create fields of foo
-- create fields of foo
-- One entry per member of proto_foo, in wire order: key, ProtoField
-- constructor, display label. The abbreviation is NAME .. "." .. key.
local fields = foo.fields
local field_specs = {
    { "type",   ProtoField.uint8,  "Type" },
    { "flags",  ProtoField.uint8,  "Flags" },
    { "seqno",  ProtoField.uint16, "Seq No." },
    { "ipaddr", ProtoField.ipv4,   "IPv4 Address" },
}
for _, spec in ipairs(field_specs) do
    local key, ctor, label = spec[1], spec[2], spec[3]
    fields[key] = ctor(NAME .. "." .. key, label)
end


-- dissect packet
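-- dissect packet
-- tvb:   the UDP payload handed over by the udp.port table
-- pinfo: packet info; only the protocol column is written
-- tree:  the packet tree the foo subtree is attached to
-- Returns 0 (let Wireshark treat the payload as plain data) when the
-- datagram is too short; otherwise returns nothing, i.e. "whole tvb consumed".
function foo.dissector (tvb, pinfo, tree)
    -- Wire layout (see proto_foo in the C sender): type(1) flags(1) seqno(2) ipaddr(4)
    local FOO_LEN = 8

    -- A datagram shorter than the fixed layout is either not ours or truncated.
    -- Checking up front avoids the out-of-range tvb() slices below raising a
    -- Lua error in the packet tree.
    if tvb:len() < FOO_LEN then
        return 0
    end

    local subtree = tree:add(foo, tvb())
    local offset = 0

    -- show protocol name in protocol column
    pinfo.cols.protocol = foo.name

    -- dissect field one by one, and add to protocol tree
    -- (named type_range so the builtin type() is not shadowed)
    local type_range = tvb(offset, 1)
    subtree:add(fields.type, type_range)
    subtree:append_text(", type: " .. type_range:uint())
    offset = offset + 1

    subtree:add(fields.flags, tvb(offset, 1))
    offset = offset + 1
    -- seqno is sent with htons(), which matches the big-endian default of add()
    subtree:add(fields.seqno, tvb(offset, 2))
    offset = offset + 2
    subtree:add(fields.ipaddr, tvb(offset, 4))
end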

将 LUA 文件放于 Wireshark 安装目录下的 .\plugins\2.0.2 目录中(该目录名随 Wireshark 版本而变,请根据实际安装的版本设置)。



