Wirershark解析自定义协议数据插件

蜗牛的编码旅程
已于 2023-07-26 17:11:45 修改
阅读量1.2k
点赞数
分类专栏： C语言学习过程文章标签： lua 开发语言
于 2023-06-19 16:01:10 首次发布
本文链接：https://blog.csdn.net/m0_37605465/article/details/131289708
版权
C语言学习过程专栏收录该内容
3 篇文章 0 订阅
订阅专栏
 -----------------------------------------------------------------
 -- wireshark分析udp sample协议插件
 -- 将自定义协议以可读的方式展示在wireshark中
 -----------------------------------------------------------------
 --基于UDP协议
 local udp_table = DissectorTable.get("udp.port")
 local my_proto = Proto("example", "example Protocol")
 --协议端口号
 local my_port = 55000
 
 --定义协议字段内容
 local ProducerField = ProtoField.string("Producer", "Producer")
 local ProductTypeField = ProtoField.string("Product Type", "Product Type")
 local PkgTypeField = ProtoField.string("Package Type", "Package Type")
 local StartPosField = ProtoField.string("StartPos", "StartPos")
 --local ProtocolField = ProtoField.string("Protocol", "Protocol")
 local VersionField = ProtoField.uint16("Version", "Version", base.HEX)
 local PkgNumField = ProtoField.uint16("PackageNum", "PackageNum", base.HEX)
 local PkgLenField = ProtoField.uint16("PackageLen", "PackageLen", base.HEX)
 
 local SnField = ProtoField.string("SnField", "SnField")
 local LogicalAddrField = ProtoField.string("LogicalAddr", "LogicalAddr", base.HEX)
 local InstallPosField = ProtoField.string("InstallPos", "InstallPos", base.HEX) 
 
 local MasterBOOTField = ProtoField.ipv4("MasterBOOT", "MasterBOOT")
 local MasterImageField = ProtoField.ipv4("MasterImage", "MasterImage")
 local BakBOOTField = ProtoField.ipv4("BakBOOT", "BakBOOT")
 local BakImageField = ProtoField.ipv4("BakImage", "BakImage")
 
 --local BOOTsizeField = ProtoField.uint32("BOOTsize", "BOOTsize")
 --local EnvversionField = ProtoField.ipv4("EnvversionField", "EnvversionField")
 --local EnvsizeField = ProtoField.uint32("EnvsizeField", "EnvsizeField")
 --local ImageversionField = ProtoField.ipv4("Imageversion", "Imageversion")
 --local ImagesizeField = ProtoField.uint32("Imagesize", "Imagesize")
 --local SyserrField = ProtoField.uint8("Syserr", "Syserr", base.HEX)
 --local HarderrField = ProtoField.uint32("Harderr", "Harderr", base.HEX)
 --local Dirty_stateField = ProtoField.uint8("Dirty_state", "Dirty_state", base.DEC)
 --local PtpsyncField = ProtoField.uint8("Ptpsync", "Ptpsync", base.DEC)
 --local FixResultField = ProtoField.uint8("FixResult", "FixResult", base.DEC)
 
 local IPField = ProtoField.ipv4("IP", "IP")
 local NetmaskField = ProtoField.ipv4("Netmask", "Netmask")
 local GatewayField = ProtoField.ipv4("Gateway", "Gateway")
 local NetmacaddrField = ProtoField.ether("Netmacaddr", "Netmacaddr")
 local DestIPField = ProtoField.ipv4("DestIP", "DestIP")
 local UdpPortField = ProtoField.uint32("UdpPort", "UdpPort", base.DEC)
 
 local DevWorkModeField = ProtoField.uint8("DevWorkMode", "DevWorkMode", base.HEX)
 local Time_syncField = ProtoField.uint8("Time_sync", "Time_sync", base.DEC)

 --local retro_switchField = ProtoField.uint8("retro_switch", "retro_switch", base.DEC)

 --local Frame_sync_offsetField = ProtoField.uint32("Frame_sync_offset", "Frame_sync_offset", base.DEC)
 local dual_echoField = ProtoField.uint8("dual_echo", "dual_echo", base.DEC) 

 local DelPointField = ProtoField.uint8("DelPoint", "DelPoint", base.DEC) 
 local RetroSwitchField = ProtoField.uint8("RetroSwitch", "RetroSwitch", base.DEC) 
 local AdhesionSwitchField = ProtoField.uint8("AdhesionSwitch", "AdhesionSwitch", base.DEC) 
 local GraySmoothSwitchField = ProtoField.uint8("GraySmoothSwitch", "GraySmoothSwitch", base.DEC) 
 local DownSampleModeField = ProtoField.uint8("DownSampleMode", "DownSampleMode", base.DEC) 
 local DirtyDetectSwitchField = ProtoField.uint8("DirtyDetectSwitch", "DirtyDetectSwitch", base.DEC) 
 local FrameSyncSwitchField = ProtoField.uint8("FrameSyncSwitch", "FrameSyncSwitch", base.DEC) 
 local TimeSyncModeField = ProtoField.uint8("TimeSyncMode", "TimeSyncMode", base.DEC)
 local BatVoltStatusField = ProtoField.uint8("BatVoltStatus", "BatVoltStatus", base.DEC) 
 local ApdTiaStatusField = ProtoField.uint8("ApdTiaStatus", "ApdTiaStatus", base.DEC) 
 local MemsStatusField = ProtoField.uint8("MemsStatus", "MemsStatus", base.DEC) 
 local LDStatusField = ProtoField.uint8("LDStatus", "LDStatus", base.DEC) 
 local MemoryStatusField = ProtoField.uint8("MemoryStatus", "MemoryStatus", base.DEC) 
 local HighSpeedAdcStatusField = ProtoField.uint8("HighSpeedAdcStatus", "HighSpeedAdcStatus", base.DEC) 
 local FpgaStatusField = ProtoField.uint8("FpgaStatus", "FpgaStatus", base.DEC)  
 local CpuStatusField = ProtoField.uint8("CpuStatus", "CpuStatus", base.DEC)  
 local OpticalWinStatusField = ProtoField.uint8("OpticalWinStatus", "OpticalWinStatus", base.DEC)  
 local PointCloundStatusField = ProtoField.uint8("PointCloundStatus", "PointCloundStatus", base.DEC)  
 local InnerCommunStatusField = ProtoField.uint8("InnerCommunStatus", "InnerCommunStatus", base.DEC) 
 local InnerVoltStatusField = ProtoField.uint8("InnerVoltStatus", "InnerVoltStatus", base.DEC) 
 local InnerTempStatusField = ProtoField.uint8("InnerTempStatus", "InnerTempStatus", base.DEC) 
 local OuterCommunStatusField = ProtoField.uint8("OuterCommunStatus", "OuterCommunStatus", base.DEC) 
 
 --local Retro_intensityField = ProtoField.uint8("Retro_intensity", "Retro_intensity", base.DEC) 
 --local Retro_percentField = ProtoField.uint8("Retro_percent", "Retro_percent", base.DEC) 
 --local angle_send_switchField = ProtoField.uint8("angle_send_switch", "angle_send_switch", base.DEC)  
 --local DownsampleField = ProtoField.uint8("Downsample", "Downsample", base.DEC) 
 --local Dirty_check_thresholdField = ProtoField.uint16("Dirty_check_threshold", "Dirty_check_threshold", base.DEC) 
 --local Dirty_check_threshold_rsetField = ProtoField.uint16("Dirty_check_threshold_rset", "Dirty_check_threshold_rset", base.DEC) 
 --local Dirty_switchField = ProtoField.uint8("Dirty_switch", "Dirty_switch", base.DEC) 
 --local Dirty_freshField = ProtoField.uint8("Dirty_fresh", "Dirty_fresh", base.DEC)  
 --local Dirty_detect_cycleField = ProtoField.uint16("Dirty_detect_cycle", "Dirty_detect_cycle", base.DEC) 
 --local Diagnose_switchField = ProtoField.uint8("Diagnose_switch", "Diagnose_switch", base.DEC)
 --local Dirty_inner_thresholdField = ProtoField.uint16("Dirty_inner_threshold", "Dirty_inner_threshold", base.DEC) 
 --local Dirty_outer_thresholdField = ProtoField.uint16("Dirty_outer_threshold", "Dirty_outer_threshold", base.DEC)
 --local point_loss_thresholdField = ProtoField.uint16("point_loss_threshold", "point_loss_threshold", base.DEC)
 --local diagnose_controlField = ProtoField.uint8("diagnose_control", "diagnose_control", base.HEX)
 --local hardware_controlField = ProtoField.uint32("hardware_control", "hardware_control", base.HEX)
 --local Dhcp_enableField = ProtoField.uint8("Dhcp_enable", "Dhcp_enable", base.DEC)
 --local GatewayField = ProtoField.ipv4("Gateway", "Gateway")
 --local Delete_PointField = ProtoField.uint8("Delete_Point", "Delete_Point", base.DEC)
 --local Adhesion_switchField = ProtoField.uint8("Adhesion_switch", "Adhesion_switch", base.DEC)
 --local para_config_switchField = ProtoField.uint8("para_config_switch", "para_config_switch", base.DEC)
 --local Config_versionField = ProtoField.uint24("Config_version", "Config_version", base.HEX) 
 
 --local MacaddrField = ProtoField.ether("Macaddr", "Macaddr")

 my_proto.fields = {
 ProducerField, ProductTypeField,  PkgTypeField,     StartPosField,   VersionField,    PkgNumField,
 PkgLenField,   SnField,           LogicalAddrField, InstallPosField, MasterBOOTField, MasterImageField,
 BakBOOTField,  BakImageField,     IPField,          NetmaskField,    GatewayField,    NetmacaddrField,
 DestIPField,   UdpPortField,      DevWorkModeField, Time_syncField,  dual_echoField,  DelPointField,
 RetroSwitchField,      AdhesionSwitchField, GraySmoothSwitchField,   DownSampleModeField, DirtyDetectSwitchField,
 FrameSyncSwitchField,  TimeSyncModeField,   BatVoltStatusField,      ApdTiaStatusField,   MemsStatusField,
 LDStatusField,         MemoryStatusField,   HighSpeedAdcStatusField, FpgaStatusField,   CpuStatusField,
 OpticalWinStatusField, PointCloundStatusField, InnerCommunStatusField, InnerVoltStatusField,
 InnerTempStatusField,  OuterCommunStatusField
}
 
 --协议分析器
 function my_proto.dissector(buffer, pinfo, tree)
 pinfo.cols.protocol:set("ml30sp_b1_heart")
 
 local len = buffer:len()
 local myProtoTree = tree:add(my_proto, buffer(0, len), "ml30sp_b1_heart")
 local offset = 0
 
 myProtoTree:add(ProducerField, buffer(offset, 3))
 offset = offset + 3
 
 myProtoTree:add(ProductField, buffer(offset, 12))
 offset = offset + 12
 
 myProtoTree:add(PkgTypeField, buffer(offset, 8))
 offset = offset + 8
 
 myProtoTree:add(StartPosField, buffer(offset, 1))
 offset = offset + 1
 
 myProtoTree:add(VersionField, buffer(offset, 2))
 offset = offset + 2
 
 myProtoTree:add(PkgNumField, buffer(offset, 2))
 offset = offset + 2

 myProtoTree:add(PkgLenField, buffer(offset, 2))
 offset = offset + 2
 
 myProtoTree:add(SnField, buffer(offset, 18))
 offset = offset + 18
 
 myProtoTree:add(LogicalAddrField, buffer(offset, 2))
 offset = offset + 2
 
 myProtoTree:add(InstallPosField, buffer(offset, 1))
 offset = offset + 2 
 
 --reserved 32
 offset = offset + 32
 
 myProtoTree:add(MasterBOOTField, buffer(offset, 4))
 offset = offset + 4
 
 myProtoTree:add(MasterImageField, buffer(offset, 4))
 offset = offset + 4
 
 myProtoTree:add(BakBOOTField, buffer(offset, 4))
 offset = offset + 4
 
 myProtoTree:add(BakImageField, buffer(offset, 4))
 offset = offset + 4
 
 --reserved 32
 offset = offset + 32
 
 myProtoTree:add(IPField, buffer(offset, 4))
 offset = offset + 4
 
 myProtoTree:add(NetmaskField, buffer(offset, 4))
 offset = offset + 4
 
 myProtoTree:add(GatewayField, buffer(offset, 4))
 offset = offset + 4

 myProtoTree:add(NetmacaddrField, buffer(offset, 6))
 offset = offset + 6
 
 myProtoTree:add(DestIPField, buffer(offset, 4))
 offset = offset + 4
 
 myProtoTree:add(UdpPortField, buffer(offset, 2))
 offset = offset + 2

 --reserved 32
 offset = offset + 32
 
 myProtoTree:add(DevWorkModeField, buffer(offset, 1))
 offset = offset + 1
 
 myProtoTree:add(Time_syncField, buffer(offset, 1))
 offset = offset + 1
 
 --reserved 32
 offset = offset + 11
 
 myProtoTree:add(TimeSyncModeField, buffer(offset, 1))
 offset = offset + 1
 
 myProtoTree:add(BatVoltStatusField, buffer(offset, 1))
 offset = offset + 1
 
 myProtoTree:add(ApdTiaStatusField, buffer(offset, 1))
 offset = offset + 1

 myProtoTree:add(MemsStatusField, buffer(offset, 1))
 offset = offset + 1

 myProtoTree:add(LDStatusField, buffer(offset, 1))
 offset = offset + 1
 
 myProtoTree:add(MemoryStatusField, buffer(offset, 1))
 offset = offset + 1
  
 myProtoTree:add(HighSpeedAdcStatusField, buffer(offset, 1))
 offset = offset + 1

 myProtoTree:add(FpgaStatusField, buffer(offset, 1))
 offset = offset + 1
 
 myProtoTree:add(CpuStatusField, buffer(offset, 1))
 offset = offset + 1
 
 myProtoTree:add(OpticalWinStatusField, buffer(offset, 1))
 offset = offset + 1

 myProtoTree:add(PointCloundStatusField, buffer(offset, 1))
 offset = offset + 1

 myProtoTree:add(InnerCommunStatusField, buffer(offset, 1))
 offset = offset + 1
 
 myProtoTree:add(InnerVoltStatusField, buffer(offset, 1))
 offset = offset + 1 
 
 myProtoTree:add(InnerTempStatusField, buffer(offset, 1))
 offset = offset + 1 

 myProtoTree:add(OuterCommunStatusField, buffer(offset, 1))
 offset = offset + 1 
 
 end

 --增加协议到Wireshark中
 udp_table:add(my_port, my_proto)
将自己的lua文件拖到wireshark安装目录，然后在init.lua文件最后一行添加:dofile(DATA_DIR…“example.lua”)，重新打开wireshark软件就可以解析自定义格式数据，以便直观的观察调试数据。
蜗牛的编码旅程
关注
0
点赞
踩
3

收藏

觉得还不错? 一键收藏
0
评论
Wirershark解析自定义协议数据插件

将自己的lua文件拖到wireshark安装目录，然后在init.lua文件最后一行添加:dofile(DATA_DIR…“ml30sp_heart.lua”)，重新打开wireshark软件就可以解析自定义格式数据，以便直观的观察调试数据。
复制链接

扫一扫