Monday, June 27, 2011

The Shark and the Moon

The shark is the well-known protocol analyzer Wireshark, and the moon is Lua, which is a very clever scripting language developed in Brazil, whose name is the Portuguese word for "moon" (in Italian we call it "luna"... not very different!).

Lua can be used to customize Wireshark from scripts, and since this is a very useful thing if you implement protocols, I decided to learn something about the Brazilian moon and about how to use it to illuminate prey for the shark. That is, how to use Lua to dissect protocols that are not supported by Wireshark because they are new or proprietary.

As an exercise, and in order to have a reference example for future use, I designed a trivial protocol (which I named... "Example Protocol"), then I wrote the corresponding dissector, and generated a capture file to test it.

Here is the dissector script, here is the capture file, and below is a snapshot of the output from Wireshark.
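The linked dissector script is not reproduced on this page, so what follows is an added sketch of a Wireshark Lua dissector, not the author's script and not the author's "Example Protocol". It assumes a hypothetical layout (1-byte version, 1-byte type, 2-byte big-endian payload length, then payload) on UDP port 7777, and it shows the check every dissector needs because it parses untrusted bytes: the declared length is validated against the bytes actually captured before the payload is read.

```lua
-- Added illustration: hypothetical 4-byte header (version, type, length) plus payload.
-- The field layout, the "exdemo" names and UDP port 7777 are assumptions.
local exdemo = Proto("exdemo", "Example Demo Protocol")

local f_version = ProtoField.uint8("exdemo.version", "Version", base.DEC)
local f_type    = ProtoField.uint8("exdemo.type", "Type", base.DEC,
                                   { [1] = "Request", [2] = "Response" })
local f_length  = ProtoField.uint16("exdemo.length", "Payload Length", base.DEC)
local f_payload = ProtoField.bytes("exdemo.payload", "Payload")
exdemo.fields = { f_version, f_type, f_length, f_payload }

local HEADER_LEN = 4

function exdemo.dissector(buffer, pinfo, tree)
    local total = buffer:len()
    -- Too short for the fixed header: decline instead of reading out of range.
    if total < HEADER_LEN then return 0 end

    pinfo.cols.protocol = "EXDEMO"
    local subtree = tree:add(exdemo, buffer(), "Example Demo Protocol")

    subtree:add(f_version, buffer(0, 1))
    subtree:add(f_type, buffer(1, 1))
    local len_item = subtree:add(f_length, buffer(2, 2))  -- big-endian by default
    local declared = buffer(2, 2):uint()
    local available = total - HEADER_LEN

    -- The length field comes from the wire: never trust it past the captured bytes.
    if declared > available then
        len_item:add_expert_info(PI_MALFORMED, PI_ERROR,
            "Declared length " .. declared .. " exceeds " ..
            available .. " bytes present")
        declared = available
    end
    if declared > 0 then
        subtree:add(f_payload, buffer(HEADER_LEN, declared))
    end
    return HEADER_LEN + declared
end

-- Register the dissector for the assumed UDP port.
DissectorTable.get("udp.port"):add(7777, exdemo)
```

Saved under a name of your choice (for instance exdemo.lua), the script can be loaded with `wireshark -X lua_script:exdemo.lua`. A packet whose length field overstates the payload then shows up flagged as malformed in the packet details instead of raising a Lua error.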