
Creating a Wireshark dissector in Lua (2017) - xanthine
https://mika-s.github.io/wireshark/lua/dissector/2017/11/04/creating-a-wireshark-dissector-in-lua-1.html
======
freedomben
Wow, times have sure changed. Roughly 10 years ago I wrote a dissector for a
layer 7 protocol on top of UDP. It was an incredible amount of work and really
hard to do without introducing bugs. Would have loved to have been able to do
this in Lua.

It's hard to overstate how great it is to have a dissector for your protocol
in Wireshark. It can make troubleshooting obscure opaque issues a breeze.

~~~
iforgotpassword
Similar story for me. Docs were patchy at best, skimming existing dissectors
raised more questions than it answered.

Ended up implementing a standalone tool just leveraging libpcap to parse the
pcap files and then process the according TCP packets from there, dumping
information to stdout. Definitely not as nice as interactively examining
packets in Wireshark, but at least got it done in two days and actually found
the underlying problem we were trying to find.

Wonder how much easier it would've been with this.

~~~
freedomben
Yes, me too! Ended up using libpcap which was displayed in a Java Swing GUI.
It's amazing that it was less work that way but we were able to get it working
in a couple of days that way.

------
as-j
Damn! I wish I'd known about this in 2018 when I wrote a Lua dissector for
Wireshark while trying to diagnose an outage. We had a custom in-house server,
with a custom protocol and no way to diagnose it. (don't get me started) So
using tcpdump/Wireshark to capture and analyze the failure was what I took on.

It's incredibly powerful, and a useful feature in Wireshark. Being able to
reload/rerun the dissector over packets was amazing and made development
really quick and easy, especially in an emergency.

The Wireshark docs, though, are a bit rough to read, so having a walkthrough is
great.

------
the1337zmrly
seems lit, let me check out

