Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- ne:wireshark [2017/06/15 19:19] – [Dissector programmieren] admin
+++ ne:wireshark [2026/04/15 13:30] (aktuell) – [Display Filter] admin
@@ Zeile 1: / Zeile 1: @@
 ====== Wireshark ======
+==== Tutorial ====
+ * http://www.nwlab.net/tutorials/wireshark/
+=== Windows: Loopback Interface ===
+  * https://nmap.org/npcap/
+=== TCP Reassembly: ===
-**TCP Reassembly:**
   * https://wiki.wireshark.org/TCP_Reassembly
+=== Truncating Payloads and Anonymizing PCAP files ===
+  * https://isc.sans.edu/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990
+===== TCP Analyse =====
+==== Display Filter ====
+Display only SYN-Packets --
+''tcp.flags.syn==1 && !tcp.flags.ack==1'' \\
+Display SYN-ACK-Packets -- ''tcp.flags.syn==1 && tcp.flag.ack==1''
+==== Capture Filter ====
+Only TCP SYN: ''tcp[0xd]&18=2''
+==== Anzeige-Fenster ====
+Durch das Hinzufügen zwei weiterer 'Custom'-Spalten lässt sich die TCP-Analyse vereinfachen:
+    tcp.stream
+    tcp.time_delta
+===== Programming with Libpcap =====
+  * [[https://wiki.wireshark.org/Development/LibpcapFileFormat|File Format]]
+  * Dev-Libraries Ubuntu: ''sudo apt-get install libpcap-dev''
+===== Wireshark ohne Root-Rechte =====
+<code bash>
+sudo chgrp admin /usr/bin/dumpcap
+sudo chmod 750 /usr/bin/dumpcap
+sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
+</code>
+Danach kann man mit Wireshark auch ohne Root-Rechte sniffen.
 ===== Dissector programmieren =====
 **Offizielle Doku:**
-    * https://wiki.wireshark.org/Lua/Dissectors#postdissectors
+    * https://wiki.wireshark.org/Lua/Dissectors
     * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm.html|Chapter 10. Lua Support in Wireshark]]
     * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm_modules.html|Chapter 11. Wireshark’s Lua API Reference Manual]]
+    * https://anonsvn.wireshark.org/wireshark/trunk-1.6/doc/README.developer - **C HOWTO**
 **Forum:**
     * [[https://ask.wireshark.org/questions/18517/calling-lua-dissectors-from-lua-dissector|Calling Lua Dissectors from Lua Dissector]]
     * [[https://stackoverflow.com/questions/8138478/how-to-dissect-a-field-in-an-already-dissected-package-in-wireshark-using-lua|How to dissect a field in an already dissected package]]
     * [[https://stackoverflow.com/questions/35389003/get-http-payload-when-writing-wireshark-lua-chained-http-dissector|Get HTTP payload when writing chained HTTP dissector]]
+    * [[https://stackoverflow.com/questions/20516587/reassemble-pdus-in-lua-wireshark-dissector|Reassemble PDUs in lua wireshark dissector]]
+    * https://ask.wireshark.org/questions/58247/ssl-lua-dissector-how
+    * https://ask.wireshark.org/question/6760/how-to-handle-6-byte-unsigned-integer-field-in-lua-dissector/
-**Anleitungen:**
-    * https://delog.wordpress.com/2010/09/27/create-a-wireshark-dissector-in-lua/
-    * https://delog.wordpress.com/2012/06/25/obtain-dissection-data-field-and-fieldinfo/
-    * https://delog.wordpress.com/2013/05/21/dealing-with-segmented-data-in-a-wireshark-dissector-written-in-lua/
-    * https://delog.wordpress.com/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol/
-    * https://delog.wordpress.com/2017/04/25/wireshark-dissector-in-lua-for-custom-protocol-over-websockets/
-===== Display Filter =====
-Display only SYN-Packets
+**Anleitungen:**
-    tcp.flags.syn==1 && !tcp.flags.ack==1
+    * https://mika-s.github.io/topics/ - **Great introduction to Wireshark Dissectors in LUA**
+    * http://www.lua.org/pil/contents.html - **Introduction to LUA**
+    * https://sharkfestus.wireshark.org/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf
+    * https://tewarid.github.io/2010/09/27/create-a-wireshark-dissector-in-lua.html
+    * https://tewarid.github.io/2012/06/25/obtain-dissection-data-using-field-and-fieldinfo.html
+    * https://tewarid.github.io/2013/05/21/dealing-with-segmented-data-in-a-wireshark-dissector-written-in-lua.html
+    * https://tewarid.github.io/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol.html
+    * https://tewarid.github.io/2017/04/25/wireshark-dissector-in-lua-for-custom-protocol-over-websockets.html
+    * https://lowentropymusings.wordpress.com/2013/10/02/registering-dissectors-for-unknown-mime-types-in-wireshark/
+    * https://tewarid.github.io/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol.html
-Display SYN-ACK-Packets
+**Beispiele:**
-    tcp.flags.syn==1 && tcp.flags.ack==1
+  * https://github.com/Cilab/Wireshark-MQTT
+  * https://github.com/magicmonkey/lifxjs (im Wireshark Verzeichnis)
-Durch das Hinzufügen zwei weiterer 'Custom'-Spalten lässt sich die Analyse vereinfachen:
+  * https://www.heise.de/ratgeber/Paeckchen-sezieren-Das-Protokollanalysetool-Wireshark-mit-Lua-erweitern-4801112.html
-    tcp.stream
-    tcp.time_delta
-===== Programming with Libpcap =====
-  * [[https://wiki.wireshark.org/Development/LibpcapFileFormat|File Format]]
-  * Dev-Libraries Ubuntu: ''sudo apt-get install libpcap-dev''