authorlonkaars <loek@pipeframe.xyz>2024-05-01 12:43:26 +0200
committerlonkaars <loek@pipeframe.xyz>2024-05-01 12:43:26 +0200
commitbee4b8c09ff3a3720855266a2c417e262c082441 (patch)
tree799151bc38583bee85e2c3b1d4ec6fa860404302 /wireshark
parentcc28773b03a5ac1c2a8529c9d170f30b9b778d07 (diff)
more notes + WIP wireshark pictochat dissector (brokey)
Diffstat (limited to 'wireshark')
-rw-r--r--wireshark/nifi.lua7
-rw-r--r--wireshark/pictochat.lua14
-rw-r--r--wireshark/readme.md4
-rwxr-xr-xwireshark/wireshark8
4 files changed, 27 insertions, 6 deletions
diff --git a/wireshark/nifi.lua b/wireshark/nifi.lua
index d81ff31..2bc96a6 100644
--- a/wireshark/nifi.lua
+++ b/wireshark/nifi.lua
@@ -1,6 +1,3 @@
--- NOTE: my system is little-endian, so the .pcap files and this decoder expect
--- little endian
-
local nifi = Proto("nifi", "Nintendo DS ni-fi")
nifi.fields.magic = ProtoField.uint32("nifi.magic", "Magic", base.HEX)
nifi.fields.senderid = ProtoField.int32("nifi.senderid", "SenderID", base.DEC)
@@ -21,7 +18,7 @@ local nifi_type_enum_field = Field.new("nifi.type.enum")
function nifi.dissector(buffer, pinfo, tree)
-- check magic ("NIFI")
if buffer(0, 4):uint() ~= 0x4e494649 then return end
- local nifi_tree = tree:add(nifi, buffer(), "Ni-Fi data")
+ local nifi_tree = tree:add(nifi, buffer(0, 24), "Ni-Fi data")
nifi_tree:add(nifi.fields.magic, buffer(0, 4))
nifi_tree:add_le(nifi.fields.senderid, buffer(4, 4))
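Review bot: Nothing checks the captured length before `buffer(0, 24)` on the new `tree:add` line, so a frame shorter than 24 bytes raises a Lua range error instead of being rejected cleanly; the magic check above it has the same exposure below 4 bytes. A guard at the top of nifi.dissector such as `if buffer:len() < 24 then return 0 end` would handle truncated or malformed captures. The literal 24 reappears in the `return 24` added in the next hunk, so a single `local NIFI_HEADER_LEN = 24` would keep the two in step. The function body continues outside this hunk.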
@@ -36,5 +33,7 @@ function nifi.dissector(buffer, pinfo, tree)
pinfo.cols.protocol = nifi.name
pinfo.cols.src = nifi_senderid_field().display
pinfo.cols.info = "type:" .. nifi_type_enum_field().display
+
+ return 24
end
diff --git a/wireshark/pictochat.lua b/wireshark/pictochat.lua
new file mode 100644
index 0000000..5eb8089
--- /dev/null
+++ b/wireshark/pictochat.lua
@@ -0,0 +1,14 @@
+local pc = Proto("pictochat", "Nintendo DS PictoChat")
+
+function pc.dissector(buffer, pinfo, tree)
+
+ local pc_tree = tree:add(pc, buffer(), "PictoChat Message")
+
+ pinfo.cols.protocol = pc.name
+
+end
+
+-- no worky
+local nifi = DissectorTable.get("nifi.length")
+nifi:add('>0', pc)
+
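Review bot: `DissectorTable.get("nifi.length")` looks up a table that none of the visible nifi.lua hunks create, which would explain the "no worky" comment. Unless nifi.lua registers it in lines not shown here, it needs a `DissectorTable.new("nifi.length", ...)` on that side, and nifi.dissector has to hand the bytes after the header on, for example with `tbl:try(len, buffer(24):tvb(), pinfo, tree)`. The pattern `'>0'` is probably not accepted by `add` either; as far as I know integer tables take a number or a range string such as `"1-65535"`. The local name `nifi` is also misleading because it holds a DissectorTable rather than the Proto; `nifi_length_table` would read better.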
diff --git a/wireshark/readme.md b/wireshark/readme.md
new file mode 100644
index 0000000..dfebf83
--- /dev/null
+++ b/wireshark/readme.md
@@ -0,0 +1,4 @@
+## notes
+
+- my system is little-endian, so the .pcap files and this decoder expect little
+ endian
diff --git a/wireshark/wireshark b/wireshark/wireshark
index 42c37a5..ee24518 100755
--- a/wireshark/wireshark
+++ b/wireshark/wireshark
@@ -1,5 +1,9 @@
#!/bin/sh
-# simple wrapper to load nifi.lua script as DLT_USER0 dissecter
+# simple wrapper to load lua scripts for DLT_USER0
here="$(dirname "$0")"
-exec wireshark -X "lua_script:$here/nifi.lua" -o 'uat:user_dlts:"User 0 (DLT=147)","nifi","","","",""' "$@"
+exec wireshark \
+ -X "lua_script:$here/nifi.lua" \
+ -X "lua_script:$here/pictochat.lua" \
+ -o 'uat:user_dlts:"User 0 (DLT=147)","nifi","","","",""' \
+ "$@"
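Review bot: The order of the two `-X` options matters because pictochat.lua calls `DissectorTable.get` while it loads, and the script does not say so. Assuming Wireshark loads `-X lua_script` files in command-line order, a comment above the `exec` line such as `# nifi.lua must be loaded before pictochat.lua (dissector table lookup at load time)` would stop someone reordering them. Separately, this wrapper is itself named `wireshark`, so `exec wireshark` would re-run the wrapper if its directory ever ends up on PATH ahead of the real binary; that is worth a comment as well.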