* http://www.nwlab.net/tutorials/wireshark/

• https://nmap.org/npcap/

• https://wiki.wireshark.org/TCP_Reassembly

• https://isc.sans.edu/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990

Display only SYN-Packets – tcp.flags.syn==1 && !tcp.flags.ack==1
Display SYN-ACK-Packets – tcp.flags.syn==1 && tcp.flag.ack==1

Only TCP SYN: tcp[0xd]&18=2

Durch das Hinzufügen zwei weiterer 'Custom'-Spalten lässt sich die TCP-Analyse vereinfachen:

  tcp.stream
  tcp.time_delta

• File Format
• Dev-Libraries Ubuntu: sudo apt-get install libpcap-dev

sudo chgrp admin /usr/bin/dumpcap 
sudo chmod 750 /usr/bin/dumpcap 
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap

Danach kann man mit Wireshark auch ohne Root-Rechte sniffen.

Offizielle Doku:

• https://wiki.wireshark.org/Lua/Dissectors
• Chapter 10. Lua Support in Wireshark
• Chapter 11. Wireshark’s Lua API Reference Manual
• https://anonsvn.wireshark.org/wireshark/trunk-1.6/doc/README.developer - C HOWTO

Forum:

• Calling Lua Dissectors from Lua Dissector
• How to dissect a field in an already dissected package
• Get HTTP payload when writing chained HTTP dissector
• Reassemble PDUs in lua wireshark dissector
• https://ask.wireshark.org/questions/58247/ssl-lua-dissector-how
• https://ask.wireshark.org/question/6760/how-to-handle-6-byte-unsigned-integer-field-in-lua-dissector/

Anleitungen:

• https://mika-s.github.io/topics/ - Great introduction to Wireshark Dissectors in LUA
• http://www.lua.org/pil/contents.html - Introduction to LUA
• https://sharkfestus.wireshark.org/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf
• https://tewarid.github.io/2010/09/27/create-a-wireshark-dissector-in-lua.html
• https://tewarid.github.io/2012/06/25/obtain-dissection-data-using-field-and-fieldinfo.html
• https://tewarid.github.io/2013/05/21/dealing-with-segmented-data-in-a-wireshark-dissector-written-in-lua.html
• https://tewarid.github.io/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol.html
• https://tewarid.github.io/2017/04/25/wireshark-dissector-in-lua-for-custom-protocol-over-websockets.html
• https://lowentropymusings.wordpress.com/2013/10/02/registering-dissectors-for-unknown-mime-types-in-wireshark/
• https://tewarid.github.io/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol.html

Beispiele:

• https://github.com/Cilab/Wireshark-MQTT
• https://github.com/magicmonkey/lifxjs (im Wireshark Verzeichnis)
• https://www.heise.de/ratgeber/Paeckchen-sezieren-Das-Protokollanalysetool-Wireshark-mit-Lua-erweitern-4801112.html