diff options
| author | lonkaars <loek@pipeframe.xyz> | 2024-04-29 18:40:03 +0200 |
|---|---|---|
| committer | lonkaars <loek@pipeframe.xyz> | 2024-04-29 18:40:03 +0200 |
| commit | 8f33d9c9a7c95f17c480782fee3b5e405d41a79c (patch) | |
| tree | c3898b34563d5225d6027e4b6138c16e1172534d /wireshark | |
| parent | 8934da54f4bf6101ae03cdc9ef4644d9d26297f3 (diff) | |
WIP wireshark dissector
Diffstat (limited to 'wireshark')
| -rw-r--r-- | wireshark/nifi-dissect.lua | 32 | ||||
| -rwxr-xr-x | wireshark/wireshark | 5 |
2 files changed, 37 insertions, 0 deletions
diff --git a/wireshark/nifi-dissect.lua b/wireshark/nifi-dissect.lua new file mode 100644 index 0000000..98520e5 --- /dev/null +++ b/wireshark/nifi-dissect.lua @@ -0,0 +1,32 @@ +proto = Proto("NIFI", "Nintendo DS ni-fi") + +MAGIC = ProtoField.uint32("nifi.magic", "Magic", base.HEX) +SENDERID = ProtoField.int32("nifi.senderid", "SenderID", base.DEC) +TYPE = ProtoField.uint32("nifi.type", "Type", base.DEC) +LENGTH = ProtoField.uint32("nifi.length", "Length", base.DEC) +TIMESTAMP = ProtoField.uint64("nifi.timestamp", "Timestamp", base.DEC) + +proto.fields = { + MAGIC, + SENDERID, + TYPE, + LENGTH, + TIMESTAMP, +} + +function proto.dissector(buffer, pinfo, tree) + -- check magic ("NIFI") + if buffer(0, 4):uint() ~= 0x4e494649 then return end + + pinfo.cols.protocol = proto.name + + local subtree = tree:add(proto, buffer(), "Ni-Fi data") + + subtree:add(MAGIC, buffer(0, 4)) + subtree:add_le(SENDERID, buffer(4, 4)) + pinfo.cols.src = tostring(buffer(4, 4):le_int()) + subtree:add_le(TYPE, buffer(8, 4)) + subtree:add_le(LENGTH, buffer(12, 4)) + subtree:add_le(TIMESTAMP, buffer(16, 8)) +end + diff --git a/wireshark/wireshark b/wireshark/wireshark new file mode 100755 index 0000000..b871ea3 --- /dev/null +++ b/wireshark/wireshark @@ -0,0 +1,5 @@ +#!/bin/sh +# simple wrapper to load nifi-dissect script as DLT_USER0 dissecter +here="$(dirname "$0")" +exec wireshark -X "lua_script:$here/nifi-dissect.lua" -o 'uat:user_dlts:"User 0 (DLT=147)","nifi","","","",""' "$@" + |