Parsing packets in Wireshark with a Lua script
1. The protocol layout is roughly as follows:
2. Meaning of each statement in the Lua script
1. Call Wireshark's registration function
glink3_protocol = Proto("glink3.0", "glink3.0 Protocol")  -- creates the protocol object (abbreviation, display name)
2. Declare each packet field with its meaning and data type
-- ProtoField.<type>(abbreviation, display name, number base)
head = ProtoField.uint16("glink3.head", "head(协议头)", base.HEX)
Type = ProtoField.uint8("glink3.type", "type(数据类型)", base.DEC)
Flag = ProtoField.uint8("glink3.flag", "flag(标志位)", base.HEX)
src_sys_id = ProtoField.uint8("glink3.src_sid", "src_sid(源系统ID)", base.HEX)
src_com_id = ProtoField.uint8("glink3.src_com_id", "src_com_id(源组件ID)", base.HEX)
des_sys_id = ProtoField.uint8("glink3.des_sys_id", "des_sys_id(目的系统ID)", base.HEX)
des_com_id = ProtoField.uint8("glink3.des_com_id", "des_com_id(目的组件ID)", base.HEX)
msgid = ProtoField.uint16("glink3.msgid", "msgid(消息ID)", base.HEX)
seq = ProtoField.uint8("glink3.seq", "seq(序列号)", base.HEX)
len = ProtoField.uint8("glink3.len", "len(载荷有效长度)", base.HEX)
payLoad = ProtoField.bytes("glink3.payLoad", "payLoad(有效载荷)")
chk = ProtoField.uint16("glink3.chk", "chk(校验和)", base.HEX)
Data = ProtoField.bytes("glink3.Data", "rawdata(原始报文)")
3. Attach the declared fields to the protocol
glink3_protocol.fields = {
head,
Type,
Flag,
src_sys_id,
src_com_id,
des_sys_id,
des_com_id,
msgid,
seq,
len,
payLoad,
chk,
Data
}
4. Define the protocol dissector function
function glink3_protocol.dissector(buffer, pinfo, tree)
    -- buffer: the packet bytes (Tvb); pinfo: packet info/columns; tree: the detail tree
    -- body shown in section 3.3 below
end
5. Bind the protocol to a transport port
local udp_port = DissectorTable.get("udp.port")
udp_port:add(7894, glink3_protocol)  -- UDP datagrams on port 7894 are handed to this dissector
3. How Wireshark decodes the packet
1. Without the Lua plugin, Wireshark decodes the packet as follows:
2. With the Lua plugin, the packet is decoded as follows:
3. Notes on the functions used in the Lua script
Wireshark column info
pinfo.cols.protocol = "glink3.0 "
-- the *_description variables are produced by the script's own lookup helpers (not shown here)
pinfo.cols.protocol:append(_src_sysid_description .. _src_comid_description .. "-->" .. _des_sysid_description .. _des_comid_description)
Add the protocol tree
local subtree = tree:add(glink3_protocol, buffer(), "Glink3.0 Protocol Data")
Add a field item to the tree
subtree:add(head, buffer(0,2))  -- buffer(offset, length)
Describe a field in the tree
local _type = buffer(2,1):uint()
local _type_description = get_type_description(_type)  -- script's own helper mapping a type code to a name (not shown here)
subtree:add(Type, buffer(2,1)):append_text(" (" .. _type_description .. ")")
4. Using the Lua script
Put the script in the following path, then open the capture in Wireshark.
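The pieces above assembled into one complete dissector, as an added example that is not the post's own script. The wire layout (a fixed 12-byte header in the order the fields are declared, then len payload bytes, then chk) and the type-code names are assumptions, since the post's protocol diagram is not reproduced here; the point the post's fragments do not show is the bounds check, so a truncated or malformed datagram is flagged instead of raising a Lua error in the dissector.

```lua
glink3_protocol = Proto("glink3", "glink3.0 Protocol")
local f = {
  head       = ProtoField.uint16("glink3.head",       "head",       base.HEX),
  type       = ProtoField.uint8 ("glink3.type",       "type",       base.DEC),
  flag       = ProtoField.uint8 ("glink3.flag",       "flag",       base.HEX),
  src_sys_id = ProtoField.uint8 ("glink3.src_sys_id", "src_sys_id", base.HEX),
  src_com_id = ProtoField.uint8 ("glink3.src_com_id", "src_com_id", base.HEX),
  des_sys_id = ProtoField.uint8 ("glink3.des_sys_id", "des_sys_id", base.HEX),
  des_com_id = ProtoField.uint8 ("glink3.des_com_id", "des_com_id", base.HEX),
  msgid      = ProtoField.uint16("glink3.msgid",      "msgid",      base.HEX),
  seq        = ProtoField.uint8 ("glink3.seq",        "seq",        base.HEX),
  len        = ProtoField.uint8 ("glink3.len",        "len",        base.DEC),
  payload    = ProtoField.bytes ("glink3.payload",    "payload"),
  chk        = ProtoField.uint16("glink3.chk",        "chk",        base.HEX),
}
glink3_protocol.fields = f
-- Assumed layout: 12 fixed header bytes {field, offset, size}, then len payload bytes, then chk.
local HEADER_LEN = 12
local layout = { {f.head,0,2}, {f.type,2,1}, {f.flag,3,1}, {f.src_sys_id,4,1}, {f.src_com_id,5,1},
                 {f.des_sys_id,6,1}, {f.des_com_id,7,1}, {f.msgid,8,2}, {f.seq,10,1}, {f.len,11,1} }
local type_names = { [1] = "CMD", [2] = "ACK", [3] = "DATA" }  -- assumed type codes

function glink3_protocol.dissector(buffer, pinfo, tree)
  local total = buffer:len()
  -- Bounds-check before indexing: a short or crafted datagram must not throw a Lua error.
  if total < HEADER_LEN + 2 then return 0 end
  pinfo.cols.protocol = "glink3.0"
  local plen = buffer(11, 1):uint()
  if HEADER_LEN + plen + 2 > total then
    pinfo.cols.info = "malformed: len field exceeds datagram"
    return 0
  end
  local subtree = tree:add(glink3_protocol, buffer(), "Glink3.0 Protocol Data")
  for _, e in ipairs(layout) do
    local item = subtree:add(e[1], buffer(e[2], e[3]))
    if e[1] == f.type then item:append_text(" (" .. (type_names[buffer(2, 1):uint()] or "unknown") .. ")") end
  end
  if plen > 0 then subtree:add(f.payload, buffer(HEADER_LEN, plen)) end
  subtree:add(f.chk, buffer(HEADER_LEN + plen, 2))  -- displayed only; the post gives no checksum algorithm
  pinfo.cols.info = string.format("%d/%d --> %d/%d msgid 0x%04x len %d", buffer(4,1):uint(),
    buffer(5,1):uint(), buffer(6,1):uint(), buffer(7,1):uint(), buffer(8,2):uint(), plen)
  return total
end
DissectorTable.get("udp.port"):add(7894, glink3_protocol)
```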
Reference links:
Attachments:
1. Lua plugin example;
2. Packet capture;
Wireshark materials are at:
https://gitee.com/xutiefly/lovecode.git