IPv6-Labor

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Zuletzt angesehen:
ne:wireshark

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung		Vorhergehende Überarbeitung
ne:wireshark [2017/06/15 19:13] – [Dissector programmieren] adminne:wireshark [2023/03/17 04:53] (aktuell) – [Dissector programmieren] admin
Zeile 1: Zeile 1:
 ====== Wireshark ====== ====== Wireshark ======
  
 +==== Tutorial ====
 + * http://www.nwlab.net/tutorials/wireshark/
 +
 +
 +=== Windows: Loopback Interface ===
 +
 +  * https://nmap.org/npcap/
 +  
 +=== TCP Reassembly: ===
  
-**TCP Reassembly:** 
   * https://wiki.wireshark.org/TCP_Reassembly   * https://wiki.wireshark.org/TCP_Reassembly
  
-===== Dissector programmieren =====+=== Truncating Payloads and Anonymizing PCAP files === 
 + 
 +  * https://isc.sans.edu/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990
  
-**Offizielle Doku:** 
-    * https://wiki.wireshark.org/Lua/Dissectors#postdissectors 
-    * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm.html|Chapter 10. Lua Support in Wireshark]] 
-    * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm_modules.html|Chapter 11. Wireshark’s Lua API Reference Manual]] 
-**Forum:** 
-    * [[https://ask.wireshark.org/questions/18517/calling-lua-dissectors-from-lua-dissector|Calling Lua Dissectors from Lua Dissector]] 
  
-**Anleitungen:** 
-    * https://delog.wordpress.com/2010/09/27/create-a-wireshark-dissector-in-lua/ 
-    * https://delog.wordpress.com/2012/06/25/obtain-dissection-data-field-and-fieldinfo/ 
-    * https://delog.wordpress.com/2013/05/21/dealing-with-segmented-data-in-a-wireshark-dissector-written-in-lua/ 
-    * https://delog.wordpress.com/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol/ 
-    * https://delog.wordpress.com/2017/04/25/wireshark-dissector-in-lua-for-custom-protocol-over-websockets/ 
 ===== Display Filter ===== ===== Display Filter =====
  
Zeile 37: Zeile 35:
   * [[https://wiki.wireshark.org/Development/LibpcapFileFormat|File Format]]   * [[https://wiki.wireshark.org/Development/LibpcapFileFormat|File Format]]
   * Dev-Libraries Ubuntu: ''sudo apt-get install libpcap-dev''   * Dev-Libraries Ubuntu: ''sudo apt-get install libpcap-dev''
 +
 +===== Wireshark ohne Root-Rechte =====
 +<code bash>
 +sudo chgrp admin /usr/bin/dumpcap 
 +sudo chmod 750 /usr/bin/dumpcap 
 +sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
 +</code>
 +Danach kann man mit Wireshark auch ohne Root-Rechte sniffen.
 +
 +===== Dissector programmieren =====
 +
 +**Offizielle Doku:**
 +    * https://wiki.wireshark.org/Lua/Dissectors
 +    * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm.html|Chapter 10. Lua Support in Wireshark]]
 +    * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm_modules.html|Chapter 11. Wireshark’s Lua API Reference Manual]]
 +    * https://anonsvn.wireshark.org/wireshark/trunk-1.6/doc/README.developer - **C HOWTO**
 +**Forum:**
 +    * [[https://ask.wireshark.org/questions/18517/calling-lua-dissectors-from-lua-dissector|Calling Lua Dissectors from Lua Dissector]]
 +    * [[https://stackoverflow.com/questions/8138478/how-to-dissect-a-field-in-an-already-dissected-package-in-wireshark-using-lua|How to dissect a field in an already dissected package]]
 +    * [[https://stackoverflow.com/questions/35389003/get-http-payload-when-writing-wireshark-lua-chained-http-dissector|Get HTTP payload when writing chained HTTP dissector]]
 +    * [[https://stackoverflow.com/questions/20516587/reassemble-pdus-in-lua-wireshark-dissector|Reassemble PDUs in lua wireshark dissector]]
 +    * https://ask.wireshark.org/questions/58247/ssl-lua-dissector-how
 +    * https://ask.wireshark.org/question/6760/how-to-handle-6-byte-unsigned-integer-field-in-lua-dissector/
 +
 +
 +**Anleitungen:**
 +    * https://mika-s.github.io/topics/ - **Great introduction to Wireshark Dissectors in LUA**
 +    * http://www.lua.org/pil/contents.html - **Introduction to LUA**
 +    * https://sharkfestus.wireshark.org/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf
 +    * https://tewarid.github.io/2010/09/27/create-a-wireshark-dissector-in-lua.html
 +    * https://tewarid.github.io/2012/06/25/obtain-dissection-data-using-field-and-fieldinfo.html
 +    * https://tewarid.github.io/2013/05/21/dealing-with-segmented-data-in-a-wireshark-dissector-written-in-lua.html
 +    * https://tewarid.github.io/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol.html
 +    * https://tewarid.github.io/2017/04/25/wireshark-dissector-in-lua-for-custom-protocol-over-websockets.html
 +    * https://lowentropymusings.wordpress.com/2013/10/02/registering-dissectors-for-unknown-mime-types-in-wireshark/
 +    * https://tewarid.github.io/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol.html
 +
 +**Beispiele:**
 +  * https://github.com/Cilab/Wireshark-MQTT
 +  * https://github.com/magicmonkey/lifxjs (im Wireshark Verzeichnis)
 +  * https://www.heise.de/ratgeber/Paeckchen-sezieren-Das-Protokollanalysetool-Wireshark-mit-Lua-erweitern-4801112.html
ne/wireshark.1497553999.txt.gz · Zuletzt geändert: von admin