0
votes

I have been trying to create dissectors for Wireshark using Lua. The issue is that I have different packets that use the same port number. I found out that one solution to this problem is to create a generic dissector that checks the type of packet and then sends the packet data to the corresponding dissector from here. I am, however, not sure why multiple dissectors with the same port number don't work in Wireshark. Also, I am not sure how to create the generic dissector. Specifically, I am not sure how the generic dissector will pass the information to the specific dissector and how it will get back the information to display it. Another thing that I am doubtful about is, in the event I create a generic dissector, how I should design it such that I can select the types of packets to decode using the generic dissector. Please let me know what could be done in this case. Thanks.

1

1 Answer

0
votes

I think you want to register your Lua dissectors as heuristic dissectors. Refer to Section 11.6.5.3 of the Wireshark Developer's Guide for the register_heuristic Lua function to do that.

If you're looking for Lua sample heuristic dissectors, I'd recommend visiting the Wireshark wiki and viewing some of the examples there, for example, the dissector.lua dissector located on the Wireshark Lua Examples wiki page.
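
The heuristic registration suggested in the answer above, as an added example that is not part of the original post or the Wireshark wiki. It assumes two hypothetical protocols ("alpha" and "beta") that share one UDP port and differ by a 4-byte magic value followed by a 2-byte payload length; the names, magic values and header layout are constructed for illustration.

```lua
-- Added example: two hypothetical protocols sharing one UDP port.
-- Protocol names, magic values and header layout are assumptions.
-- Neither protocol is added to the "udp.port" table; each one claims
-- packets only through its heuristic function.

local function make_proto(name, desc, magic)
    local proto = Proto(name, desc)
    local f_magic = ProtoField.uint32(name .. ".magic", "Magic", base.HEX)
    local f_len   = ProtoField.uint16(name .. ".length", "Payload length", base.DEC)
    proto.fields = { f_magic, f_len }

    -- Normal dissector: builds the tree once the packet is known to be ours.
    function proto.dissector(tvb, pinfo, tree)
        pinfo.cols.protocol = string.upper(name)
        local subtree = tree:add(proto, tvb())
        subtree:add(f_magic, tvb(0, 4))
        subtree:add(f_len, tvb(4, 2))
        return tvb:len()
    end

    -- Heuristic: reject anything that is not ours and return false, so
    -- Wireshark offers the packet to the next registered heuristic.
    local function heuristic(tvb, pinfo, tree)
        -- Too short to hold the 6-byte header.
        if tvb:len() < 6 then return false end
        -- Wrong magic: belongs to another protocol on the same port.
        if tvb(0, 4):uint() ~= magic then return false end
        -- A second check keeps a chance match on the magic from
        -- claiming unrelated traffic.
        if tvb(4, 2):uint() ~= tvb:reported_len() - 6 then return false end

        proto.dissector(tvb, pinfo, tree)
        return true
    end

    proto:register_heuristic("udp", heuristic)
    return proto
end

make_proto("alpha", "Alpha Protocol (hypothetical)", 0x414C5048) -- "ALPH"
make_proto("beta",  "Beta Protocol (hypothetical)",  0x42455441) -- "BETA"
```

Each heuristic both identifies and dissects its own packets, so no separate generic dissector has to hand data to the specific ones.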