author | lonkaars <loek@pipeframe.xyz> | 2024-05-01 12:43:26 +0200 |
---|---|---|
committer | lonkaars <loek@pipeframe.xyz> | 2024-05-01 12:43:26 +0200 |
commit | bee4b8c09ff3a3720855266a2c417e262c082441 (patch) | |
tree | 799151bc38583bee85e2c3b1d4ec6fa860404302 /wireshark | |
parent | cc28773b03a5ac1c2a8529c9d170f30b9b778d07 (diff) |
more notes + WIP wireshark pictochat dissector (brokey)
Diffstat (limited to 'wireshark')
-rw-r--r-- | wireshark/nifi.lua | 7 | ||||
-rw-r--r-- | wireshark/pictochat.lua | 14 | ||||
-rw-r--r-- | wireshark/readme.md | 4 | ||||
-rwxr-xr-x | wireshark/wireshark | 8 |
4 files changed, 27 insertions, 6 deletions
diff --git a/wireshark/nifi.lua b/wireshark/nifi.lua
index d81ff31..2bc96a6 100644
--- a/wireshark/nifi.lua
+++ b/wireshark/nifi.lua
@@ -1,6 +1,3 @@
--- NOTE: my system is little-endian, so the .pcap files and this decoder expect
--- little endian
-
 local nifi = Proto("nifi", "Nintendo DS ni-fi")
 nifi.fields.magic = ProtoField.uint32("nifi.magic", "Magic", base.HEX)
 nifi.fields.senderid = ProtoField.int32("nifi.senderid", "SenderID", base.DEC)
@@ -21,7 +18,7 @@ local nifi_type_enum_field = Field.new("nifi.type.enum")
 function nifi.dissector(buffer, pinfo, tree)
 -- check magic ("NIFI")
 if buffer(0, 4):uint() ~= 0x4e494649 then return end
- local nifi_tree = tree:add(nifi, buffer(), "Ni-Fi data")
+ local nifi_tree = tree:add(nifi, buffer(0, 24), "Ni-Fi data")
 nifi_tree:add(nifi.fields.magic, buffer(0, 4))
 nifi_tree:add_le(nifi.fields.senderid, buffer(4, 4))
@@ -36,5 +33,7 @@ function nifi.dissector(buffer, pinfo, tree)
 pinfo.cols.protocol = nifi.name
 pinfo.cols.src = nifi_senderid_field().display
 pinfo.cols.info = "type:" .. nifi_type_enum_field().display
+
+ return 24
 end
diff --git a/wireshark/pictochat.lua b/wireshark/pictochat.lua
new file mode 100644
index 0000000..5eb8089
--- /dev/null
+++ b/wireshark/pictochat.lua
@@ -0,0 +1,14 @@
+local pc = Proto("pictochat", "Nintendo DS PictoChat")
+
+function pc.dissector(buffer, pinfo, tree)
+
+ local pc_tree = tree:add(pc, buffer(), "PictoChat Message")
+
+ pinfo.cols.protocol = pc.name
+
+end
+
+-- no worky
+local nifi = DissectorTable.get("nifi.length")
+nifi:add('>0', pc)
+
diff --git a/wireshark/readme.md b/wireshark/readme.md
new file mode 100644
index 0000000..dfebf83
--- /dev/null
+++ b/wireshark/readme.md
@@ -0,0 +1,4 @@
+## notes
+
+- my system is little-endian, so the .pcap files and this decoder expect little
+ endian
diff --git a/wireshark/wireshark b/wireshark/wireshark
index 42c37a5..ee24518 100755
--- a/wireshark/wireshark
+++ b/wireshark/wireshark
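Review bot: In the `@@ -21,7 +18,7 @@` hunk of nifi.lua the dissector slices `buffer(0, 24)`, and `buffer(0, 4)` for the magic check just above it, without first checking how many bytes were captured, so a frame shorter than 24 bytes raises a Lua range error instead of being declined. Capture data is untrusted input, so the first statement of `nifi.dissector` should be a length guard such as `if buffer:len() < 24 then return end`. The literal 24 is repeated by `return 24` in the `@@ -36,5 +33,7 @@` hunk; a single `local NIFI_HEADER_LEN = 24` near the top of the file would keep the two in step. The part of the function body between the two hunks is not visible here, so the field reads there should be checked against the same bound.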
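Review bot: In pictochat.lua, `DissectorTable.get("nifi.length")` asks for a table that none of the nifi.lua hunks in this commit create, so unless it is registered elsewhere the lookup has nothing usable to return and `nifi:add('>0', pc)` cannot register the dissector, which would match the `-- no worky` comment. The table would have to be created in nifi.lua with `DissectorTable.new("nifi.length", ...)` and consulted from `nifi.dissector` with the bytes that follow the 24-byte header. `'>0'` also does not look like a value or range that `DissectorTable:add` accepts; this is worth confirming against the Wireshark Lua API reference. Once `pc.dissector` starts reading fields it should check `buffer:len()` before each slice, since the payload comes straight from the capture.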
@@ -1,5 +1,9 @@
 #!/bin/sh
-# simple wrapper to load nifi.lua script as DLT_USER0 dissecter
+# simple wrapper to load lua scripts for DLT_USER0
 here="$(dirname "$0")"
-exec wireshark -X "lua_script:$here/nifi.lua" -o 'uat:user_dlts:"User 0 (DLT=147)","nifi","","","",""' "$@"
+exec wireshark \
+ -X "lua_script:$here/nifi.lua" \
+ -X "lua_script:$here/pictochat.lua" \
+ -o 'uat:user_dlts:"User 0 (DLT=147)","nifi","","","",""' \
+ "$@" |