wireshark dissector

2 files changed, 28 insertions, 0 deletions

diff --git a/wireshark/README.org b/wireshark/README.org
new file mode 100644
index 0000000..5cff8f2
--- /dev/null
+++ b/wireshark/README.org
@@ -0,0 +1,4 @@
+The Lua code in this directory implements a HBBP protocol dissector
+for wireshark.  Add the Lua code to /usr/share/wireshark/init.lua.  If
+you intend to run wireshark as root make sure to comment out the
+appropriate lines in this file to allow Lua to run.
diff --git a/wireshark/hbbp_dissector.lua b/wireshark/hbbp_dissector.lua
new file mode 100644
index 0000000..73316f5
--- /dev/null
+++ b/wireshark/hbbp_dissector.lua
@@ -0,0 +1,24 @@
+hbbp_proto = Proto("hbbp","Home Brew Broadcast Protocol")
+-- create a function to dissect it
+function hbbp_proto.dissector(buffer,pinfo,tree)
+    pinfo.cols.protocol = "HBBP"
+    local subtree = tree:add(hbbp_proto,buffer(),"HBBP Data")
+    
+    local i = 0
+    local b = buffer():bytes()
+    
+    while (i<b:len() and b:get_index(i)~=0) do
+      i = i + 1
+    end
+    if i==0 then
+       return (nil)
+    end
+    subtree:add(buffer(0,i),"Task: " .. buffer(0,i):string())   
+    if b:get_index(i) == 0 then
+       subtree:add(buffer(i+1),"Payload: [Length " .. buffer:len()-i .. "]")   
+    end
+end
+-- load the udp.port table
+udp_table = DissectorTable.get("udp.port")
+-- register our protocol to handle udp port 4950
+udp_table:add(4950,hbbp_proto)
\ No newline at end of file