wireshark 编写lua插件，针对一般研发产出的tcp字节流进行解码

来源：互联网发布：淘宝确认收货前换货编辑：程序博客网时间：2024/06/18 06:37

参考
http://mobile.51cto.com/iphone-285912.htm
一个例子，端口14567端口的流量进行分析，目前只有一个在第24个字节处，取出1个字节进行分析，编号是否为7

sdga_proto = Proto("sdga","SDGA","sdga protocol")function sdga_proto.dissector(buffer,pinfo,tree)pinfo.cols.protocol = "sdga"pinfo.cols.info = "sdga data"local subtree = tree:add(sdga_proto,buffer(),"sdga prototal") --[[subtree:add(buffer(0,0),"Message Header: ")subtree:add(buffer(0,1),"Version: " .. buffer(0,1):uint())type = buffer(1,1):uint()type_str = "Unknown"if type == 1 thentype_str = "REQUEST"elseif type == 2 thentype_str = "RESPONSE"endsubtree:add(buffer(1,1), "Type: " .. type_str)size = buffer:len()subtree:add(buffer(2,size-2), "Data: ")--]]-- 判断07-- #subtree:add(buffer(23,1), "myData: ")data07 = buffer(23,1):uint()if data07 == 7 thendata07_string = "编号07"elsedata07_string = data07endsubtree:add(buffer(23,1), "DATA07: " .. data07_string)endtcp_table = DissectorTable.get("tcp.port")tcp_table:add(14567,sdga_proto)

0 0