IPv6-Labor

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Zuletzt angesehen:
ne:wireshark

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung		Vorhergehende Überarbeitung
ne:wireshark [2019/10/09 09:48] – [Dissector programmieren] adminne:wireshark [2026/04/15 13:30] (aktuell) – [Display Filter] admin
Zeile 1: Zeile 1:
 ====== Wireshark ====== ====== Wireshark ======
 +
 +==== Tutorial ====
 + * http://www.nwlab.net/tutorials/wireshark/
 +
  
 === Windows: Loopback Interface === === Windows: Loopback Interface ===
Zeile 9: Zeile 13:
   * https://wiki.wireshark.org/TCP_Reassembly   * https://wiki.wireshark.org/TCP_Reassembly
  
 +=== Truncating Payloads and Anonymizing PCAP files ===
  
-===== Display Filter =====+  * https://isc.sans.edu/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990
  
-Display only SYN-Packets 
-    tcp.flags.syn==1 && !tcp.flags.ack==1 
  
-Display SYN-ACK-Packets +===== TCP Analyse =====
-    tcp.flags.syn==1 && tcp.flags.ack==1+
  
-Durch das Hinzufügen zwei weiterer 'Custom'-Spalten lässt sich die Analyse vereinfachen:+==== Display Filter ==== 
 + 
 +Display only SYN-Packets -- 
 +''tcp.flags.syn==1 && !tcp.flags.ack==1'' \\ 
 +Display SYN-ACK-Packets -- ''tcp.flags.syn==1 && tcp.flag.ack==1'' 
 + 
 +==== Capture Filter ==== 
 +Only TCP SYN: ''tcp[0xd]&18=2'' 
 + 
 + 
 +==== Anzeige-Fenster ==== 
 + 
 + 
 +Durch das Hinzufügen zwei weiterer 'Custom'-Spalten lässt sich die TCP-Analyse vereinfachen:
     tcp.stream     tcp.stream
     tcp.time_delta     tcp.time_delta
-     
- 
 ===== Programming with Libpcap ===== ===== Programming with Libpcap =====
  
Zeile 39: Zeile 52:
  
 **Offizielle Doku:** **Offizielle Doku:**
-    * https://wiki.wireshark.org/Lua/Dissectors#postdissectors+    * https://wiki.wireshark.org/Lua/Dissectors
     * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm.html|Chapter 10. Lua Support in Wireshark]]     * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm.html|Chapter 10. Lua Support in Wireshark]]
     * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm_modules.html|Chapter 11. Wireshark’s Lua API Reference Manual]]     * [[https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm_modules.html|Chapter 11. Wireshark’s Lua API Reference Manual]]
 +    * https://anonsvn.wireshark.org/wireshark/trunk-1.6/doc/README.developer - **C HOWTO**
 **Forum:** **Forum:**
     * [[https://ask.wireshark.org/questions/18517/calling-lua-dissectors-from-lua-dissector|Calling Lua Dissectors from Lua Dissector]]     * [[https://ask.wireshark.org/questions/18517/calling-lua-dissectors-from-lua-dissector|Calling Lua Dissectors from Lua Dissector]]
Zeile 47: Zeile 61:
     * [[https://stackoverflow.com/questions/35389003/get-http-payload-when-writing-wireshark-lua-chained-http-dissector|Get HTTP payload when writing chained HTTP dissector]]     * [[https://stackoverflow.com/questions/35389003/get-http-payload-when-writing-wireshark-lua-chained-http-dissector|Get HTTP payload when writing chained HTTP dissector]]
     * [[https://stackoverflow.com/questions/20516587/reassemble-pdus-in-lua-wireshark-dissector|Reassemble PDUs in lua wireshark dissector]]     * [[https://stackoverflow.com/questions/20516587/reassemble-pdus-in-lua-wireshark-dissector|Reassemble PDUs in lua wireshark dissector]]
 +    * https://ask.wireshark.org/questions/58247/ssl-lua-dissector-how
 +    * https://ask.wireshark.org/question/6760/how-to-handle-6-byte-unsigned-integer-field-in-lua-dissector/
 +
  
 **Anleitungen:** **Anleitungen:**
-    * https://delog.wordpress.com/2010/09/27/create-a-wireshark-dissector-in-lua/ +    * https://mika-s.github.io/topics/ - **Great introduction to Wireshark Dissectors in LUA** 
-    * https://mika-s.github.io/wireshark/lua/dissector/2017/11/04/creating-a-wireshark-dissector-in-lua-1.html +    * http://www.lua.org/pil/contents.html - **Introduction to LUA** 
-    * https://delog.wordpress.com/2012/06/25/obtain-dissection-data-field-and-fieldinfo/ +    * https://sharkfestus.wireshark.org/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf 
-    * https://delog.wordpress.com/2013/05/21/dealing-with-segmented-data-in-a-wireshark-dissector-written-in-lua/ +    * https://tewarid.github.io/2010/09/27/create-a-wireshark-dissector-in-lua.html 
-    * https://delog.wordpress.com/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol/ +    * https://tewarid.github.io/2012/06/25/obtain-dissection-data-using-field-and-fieldinfo.html 
-    * https://delog.wordpress.com/2017/04/25/wireshark-dissector-in-lua-for-custom-protocol-over-websockets/+    * https://tewarid.github.io/2013/05/21/dealing-with-segmented-data-in-a-wireshark-dissector-written-in-lua.html 
 +    * https://tewarid.github.io/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol.html 
 +    * https://tewarid.github.io/2017/04/25/wireshark-dissector-in-lua-for-custom-protocol-over-websockets.html
     * https://lowentropymusings.wordpress.com/2013/10/02/registering-dissectors-for-unknown-mime-types-in-wireshark/     * https://lowentropymusings.wordpress.com/2013/10/02/registering-dissectors-for-unknown-mime-types-in-wireshark/
-    * https://ask.wireshark.org/questions/58247/ssl-lua-dissector-how+    * https://tewarid.github.io/2011/04/20/custom-dissector-for-ethertype-link-layer-and-ip-protocol.html
  
 **Beispiele:** **Beispiele:**
   * https://github.com/Cilab/Wireshark-MQTT   * https://github.com/Cilab/Wireshark-MQTT
   * https://github.com/magicmonkey/lifxjs (im Wireshark Verzeichnis)   * https://github.com/magicmonkey/lifxjs (im Wireshark Verzeichnis)
 +  * https://www.heise.de/ratgeber/Paeckchen-sezieren-Das-Protokollanalysetool-Wireshark-mit-Lua-erweitern-4801112.html
ne/wireshark.1570614539.txt.gz · Zuletzt geändert: von admin