抓包工具Wireshark自定义协议解析lua脚本

因为游戏通信使用的是自定义的基于 TCP 的协议,原始数据都是二进制的,用这个脚本解析后在抓包时查看更方便。
使用方法:
1.保存为mygame.lua并复制到 X:\Program Files (x86)\Wireshark\
2.打开 X:\Program Files (x86)\Wireshark\init.lua
在末尾添加
dofile("mygame.lua")
3.重新打开wireshark,在过滤器框输入mygame回车,即可过滤mygame协议。

-- game protocol over tcp dissector for wireshark
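do
  --- Wireshark dissector for the custom MYGAME protocol carried over TCP.
  -- Wire layout handled here (7-byte header, multi-byte fields little-endian):
  --   [0]    Version       uint8
  --   [1]    CompressFlag  int8
  --   [2]    PkgSign       uint8
  --   [3,4]  Length        uint16 LE
  --   [5,6]  MsgType       uint16 LE
  --   [7..]  payload, shown as raw "Data"
  local PROTO_MYGAME = Proto("MYGAME", "MYGAME Game Over Tcp")
  local MYGAME_HEADER_LEN = 7
  local MYGAME_TCP_PORT = 9020

  -- header fields
  local f_mygame_version = ProtoField.uint8("MYGAME.Version", "Version", base.DEC)
  local f_mygame_compress_flag = ProtoField.int8("MYGAME.CompressFlag", "CompressFlag", base.DEC)
  local f_mygame_pkgsign = ProtoField.uint8("MYGAME.PkgSign", "PkgSign", base.DEC)
  local f_mygame_length = ProtoField.uint16("MYGAME.Length", "Length", base.DEC)
  -- body field; the value table maps known message ids to display names
  local f_mygame_msgtype = ProtoField.uint16("MYGAME.MsgType", "MsgType", base.DEC, {
    [3000] = "MSG_KICK",
    [3001] = "MSG_CHAT",
    [3002] = "MSG_PAY",
  })
  PROTO_MYGAME.fields = {
    f_mygame_version,
    f_mygame_compress_flag,
    f_mygame_pkgsign,
    f_mygame_length,
    f_mygame_msgtype,
  }

  -- Generic fallback used for segments that do not carry a complete MYGAME header.
  local data_dis = Dissector.get("data")

  --- Dissect one TCP segment as a MYGAME PDU.
  -- @param buf  Tvb holding the TCP payload of this segment
  -- @param pkt  Pinfo for the packet
  -- @param root TreeItem to attach the protocol subtree to
  -- @return true when the segment carried at least a full header and was dissected,
  --         false when it is too short to be a MYGAME PDU (nothing is added to the tree)
  local function mygame_dissector(buf, pkt, root)
    local buf_len = buf:len()
    if buf_len < MYGAME_HEADER_LEN then
      return false
    end
    pkt.cols.protocol = "MYGAME"
    pkt.cols.info = "MYGAME Game Over Tcp"

    -- Every range taken below lies inside buf_len, which the check above guarantees,
    -- so malformed or truncated input cannot make a range exceed the buffer.
    local t = root:add(PROTO_MYGAME, buf(0, MYGAME_HEADER_LEN))
    t:add(f_mygame_version, buf(0, 1))
    t:add(f_mygame_compress_flag, buf(1, 1))
    t:add(f_mygame_pkgsign, buf(2, 1))
    t:add_le(f_mygame_length, buf(3, 2))
    t:add_le(f_mygame_msgtype, buf(5, 2))

    -- NOTE(review): the Length field is displayed but never used to bound the payload
    -- or to reassemble a PDU split across TCP segments (pkt.desegment_len is never set),
    -- so everything after the header in this segment is shown as Data and two PDUs in
    -- one segment appear as one. Whether Length counts the header is not documented on
    -- this page — TODO confirm before adding desegmentation or a length-mismatch check.
    local data_len = buf_len - MYGAME_HEADER_LEN
    if data_len > 0 then
      local d = root:add(buf(MYGAME_HEADER_LEN, data_len), "Data")
      d:append_text("(" .. data_len .. " bytes)")
      d:add(buf(MYGAME_HEADER_LEN, data_len), "Data:")
      -- zero-length range: this pseudo-field highlights no payload bytes
      d:add(buf(MYGAME_HEADER_LEN, 0), "[Length:" .. data_len .. "]")
    end
    return true
  end

  --- Entry point registered with Wireshark. Segments too short for a MYGAME header
  -- are handed to the generic "data" dissector rather than left undissected.
  function PROTO_MYGAME.dissector(buf, pkt, root)
    if not mygame_dissector(buf, pkt, root) then
      data_dis:call(buf, pkt, root)
    end
  end

  DissectorTable.get("tcp.port"):add(MYGAME_TCP_PORT, PROTO_MYGAME)
end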