Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- ne:wireshark [2017/06/15 19:19] – [Dissector programmieren] admin
+++ ne:wireshark [2023/03/17 04:53] (aktuell) – [Dissector programmieren] admin
@@ Zeile 1: / Zeile 1: @@
 ====== Wireshark ======
+==== Tutorial ====
+ * http://www.nwlab.net/tutorials/wireshark/
+=== Windows: Loopback Interface ===
+  * https://nmap.org/npcap/
+=== TCP Reassembly: ===
-**TCP Reassembly:**
   * https://wiki.wireshark.org/TCP_Reassembly
-===== Dissector programmieren =====
+=== Truncating Payloads and Anonymizing PCAP files ===
+  * https://isc.sans.edu/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990
-**Offizielle Doku:**
-    * https://wiki.wireshark.org/Lua/Dissectors#postdissectors
-    * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm.html|Chapter 10. Lua Support in Wireshark]]
-    * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm_modules.html|Chapter 11. Wireshark’s Lua API Reference Manual]]
-**Forum:**
-    * [[https://ask.wireshark.org/questions/18517/calling-lua-dissectors-from-lua-dissector|Calling Lua Dissectors from Lua Dissector]]
-    * [[https://stackoverflow.com/questions/8138478/how-to-dissect-a-field-in-an-already-dissected-package-in-wireshark-using-lua|How to dissect a field in an already dissected package]]
-    * [[https://stackoverflow.com/questions/35389003/get-http-payload-when-writing-wireshark-lua-chained-http-dissector|Get HTTP payload when writing chained HTTP dissector]]
-**Anleitungen:**
-    * https://delog.wordpress.com/2010/09/27/create-a-wireshark-dissector-in-lua/
-    * https://delog.wordpress.com/2012/06/25/obtain-dissection-data-field-and-fieldinfo/
-    * https://delog.wordpress.com/2013/05/21/dealing-with-segmented-data-in-a-wireshark-dissector-written-in-lua/
-    * https://delog.wordpress.com/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol/
-    * https://delog.wordpress.com/2017/04/25/wireshark-dissector-in-lua-for-custom-protocol-over-websockets/
 ===== Display Filter =====
@@ Zeile 39: / Zeile 35: @@
   * [[https://wiki.wireshark.org/Development/LibpcapFileFormat|File Format]]
   * Dev-Libraries Ubuntu: ''sudo apt-get install libpcap-dev''
+===== Wireshark ohne Root-Rechte =====
+<code bash>
+sudo chgrp admin /usr/bin/dumpcap
+sudo chmod 750 /usr/bin/dumpcap
+sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
+</code>
+Danach kann man mit Wireshark auch ohne Root-Rechte sniffen.
+===== Dissector programmieren =====
+**Offizielle Doku:**
+    * https://wiki.wireshark.org/Lua/Dissectors
+    * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm.html|Chapter 10. Lua Support in Wireshark]]
+    * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm_modules.html|Chapter 11. Wireshark’s Lua API Reference Manual]]
+    * https://anonsvn.wireshark.org/wireshark/trunk-1.6/doc/README.developer - **C HOWTO**
+**Forum:**
+    * [[https://ask.wireshark.org/questions/18517/calling-lua-dissectors-from-lua-dissector|Calling Lua Dissectors from Lua Dissector]]
+    * [[https://stackoverflow.com/questions/8138478/how-to-dissect-a-field-in-an-already-dissected-package-in-wireshark-using-lua|How to dissect a field in an already dissected package]]
+    * [[https://stackoverflow.com/questions/35389003/get-http-payload-when-writing-wireshark-lua-chained-http-dissector|Get HTTP payload when writing chained HTTP dissector]]
+    * [[https://stackoverflow.com/questions/20516587/reassemble-pdus-in-lua-wireshark-dissector|Reassemble PDUs in lua wireshark dissector]]
+    * https://ask.wireshark.org/questions/58247/ssl-lua-dissector-how
+    * https://ask.wireshark.org/question/6760/how-to-handle-6-byte-unsigned-integer-field-in-lua-dissector/
+**Anleitungen:**
+    * https://mika-s.github.io/topics/ - **Great introduction to Wireshark Dissectors in LUA**
+    * http://www.lua.org/pil/contents.html - **Introduction to LUA**
+    * https://sharkfestus.wireshark.org/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf
+    * https://tewarid.github.io/2010/09/27/create-a-wireshark-dissector-in-lua.html
+    * https://tewarid.github.io/2012/06/25/obtain-dissection-data-using-field-and-fieldinfo.html
+    * https://tewarid.github.io/2013/05/21/dealing-with-segmented-data-in-a-wireshark-dissector-written-in-lua.html
+    * https://tewarid.github.io/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol.html
+    * https://tewarid.github.io/2017/04/25/wireshark-dissector-in-lua-for-custom-protocol-over-websockets.html
+    * https://lowentropymusings.wordpress.com/2013/10/02/registering-dissectors-for-unknown-mime-types-in-wireshark/
+    * https://tewarid.github.io/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol.html
+**Beispiele:**
+  * https://github.com/Cilab/Wireshark-MQTT
+  * https://github.com/magicmonkey/lifxjs (im Wireshark Verzeichnis)
+  * https://www.heise.de/ratgeber/Paeckchen-sezieren-Das-Protokollanalysetool-Wireshark-mit-Lua-erweitern-4801112.html