authorLoek Le Blansch <loek@pipeframe.xyz>2024-08-19 16:31:30 +0200
committerLoek Le Blansch <loek@pipeframe.xyz>2024-08-19 16:31:30 +0200
commite834c884e0f123420c094daa848b69ebb703754d (patch)
treece32e71e722b3a4ae5fc4ae7f29380227296b853 /wireshark
parentb901e2feaa871cea58d9d507e6c0fcc81fadf1d6 (diff)
WIP more dissect + notes
Diffstat (limited to 'wireshark')
-rw-r--r--wireshark/pictochat.lua18
1 files changed, 16 insertions, 2 deletions
diff --git a/wireshark/pictochat.lua b/wireshark/pictochat.lua
index ff09783..56300c3 100644
--- a/wireshark/pictochat.lua
+++ b/wireshark/pictochat.lua
@@ -15,7 +15,13 @@ pc.fields.host = ProtoField.ether("pictochat.host", "Room host")
pc.fields.src = ProtoField.ether("pictochat.src", "Source")
pc.fields.dst = ProtoField.ether("pictochat.dst", "Destination")
+-- Content offset appears to be some kind of offset for indicating where to
+-- store the current frame's data in a larger buffer. Messages sent in multiple
+-- parts increment this value by 160 for each new original (pictochat.resend ==
+-- 2) message.
pc.fields.content_offset = ProtoField.uint16("pictochat.content_offset", "Content offset")
+-- This appears to be the actual message content (the drawing) sent as an array
+-- of 8x8 tiles.
pc.fields.content = ProtoField.bytes("pictochat.content", "Content")
pc.fields.sequence = ProtoField.uint16("pictochat.sequence", "Packet sequence")
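Review bot: The filter `pictochat.resend == 2` cited in the new content_offset comment becomes ambiguous with this commit, because the dissector hunk further down adds `pc.fields.resend` a second time at offset 0x26, and the last hunk's context adds it once more, marked `-- copy`. A display filter on `pictochat.resend` then matches when any of those occurrences has the value, not only the one at 0x02. Consider registering the repeats under their own abbreviation, typed like the existing resend field, for example `pc.fields.resend_copy = ProtoField.uint16("pictochat.resend_copy", "Resend (copy)")`, so that the comment and any filters refer to one well-defined field.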
@@ -36,7 +42,10 @@ function pc.dissector(buffer, pinfo, tree)
pc_tree:add_le(pc.fields.msg_type, buffer(0x00, 2))
pc_tree:add_le(pc.fields.resend, buffer(0x02, 2))
+ pc_tree:add(pc.fields.unknown, buffer(0x04, 6))
pc_tree:add_le(pc.fields.length, buffer(0x0a, 2))
+ pc_tree:add(pc.fields.unknown, buffer(0x0c, 2))
+ pc_tree:add(pc.fields.unknown, buffer(0x0e, 2))
pc_tree:add_le(pc.fields.dst, buffer(0x10, 6))
pc_tree:add_le(pc.fields.src, buffer(0x16, 6))
pc_tree:add_le(pc.fields.host, buffer(0x1c, 6))
@@ -46,12 +55,16 @@ function pc.dissector(buffer, pinfo, tree)
pinfo.cols.dst = tostring(pc_dst_field())
pinfo.cols.info = pc_msg_type_field().display .. ", " .. pc_resend_field().display
- pc_tree:add_le(pc.fields.unknown, buffer(0x22, 2))
+ pc_tree:add_le(pc.fields.unknown, buffer(0x22, 2)) -- counting
pc_tree:add_le(pc.fields.unknown, buffer(0x24, 2))
+ pc_tree:add_le(pc.fields.resend, buffer(0x26, 2))
+ pc_tree:add(pc.fields.unknown, buffer(0x28, 6))
+ pc_tree:add(pc.fields.unknown, buffer(0x2e, 4))
local msg_type = pc_msg_type_field()()
if msg_type == 0 then -- type = Normal (TODO: this should be 'message = drawing')
pc_tree:add_le(pc.fields.content_offset, buffer(0x32, 2))
+ pc_tree:add_le(pc.fields.unknown, buffer(0x34, 2))
local content_length = pc_length_field()() - 50 -- TODO: why 50?
buffer = buffer(0x36)
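Review bot: The reads added here at 0x26, 0x28, 0x2e and 0x34 index `buffer` at fixed offsets, and no length check is visible in this hunk (pc.dissector begins and ends outside it). Capture data is untrusted, so a truncated or malformed frame would raise a Lua range error part-way through and leave a partial tree. A guard before the first fixed-offset read, e.g. `if buffer:len() < 0x32 then return end`, plus a 0x36 check inside the `msg_type == 0` branch, keeps dissection predictable. The same care applies to `content_length`, which comes from the on-wire length field minus 50 and so may be negative or larger than what remains; its use is outside the hunk, so confirm it is clamped there.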
@@ -60,7 +73,8 @@ function pc.dissector(buffer, pinfo, tree)
pc_tree:add_le(pc.fields.sequence, buffer(0x00, 2))
pc_tree:add_le(pc.fields.resend, buffer(0x02, 2)) -- copy
- pc_tree:add(pc.fields.unknown, buffer(0x04, 4))
+ pc_tree:add(pc.fields.unknown, buffer(0x04, 2))
+ pc_tree:add(pc.fields.unknown, buffer(0x06, 2))
end