Shooting the trouble down to the Wireshark Lua plugin
Submitted by Shakthi Kannan (@shakthimaan) on Wednesday, 27 February 2019
Technical level: Intermediate Section: Workshop Status: Confirmed & Scheduled
Wireshark is a Free (Libre) and Open Source protocol analyzer used for troubleshooting networks, and analysis of communication protocols. The Lua programming language support has been included in Wireshark for scripting, prototyping and packet dissection. At Aerospike, a NoSQL database company, we have implemented a Wireshark Lua plugin to help us solve issues at the wire level. In this workshop, I will be sharing the experiences and knowledge gained in creating a Lua dissector plugin. This includes code structure, layout, snippets, prototyping, testing, use cases and documentation. We will also have a hands-on workshop to get the participants introduced to Wireshark and Wireshark Lua interface to write protocol dissectors.
- Wireshark Lua
- Literate Programming
- Markdown Structure
- Protocol Dissection Pattern
- Dissector Table
- Wireshark User Interface
- Hands-on Session
- Message and Heartbeat Protocol
- CDT List Operations
- Reassembly of TCP Segments
- Hot key Report
- Debugging and Linting
- Future Work
You need to have Lua and Wireshark (GUI) installed on your laptop. If you are on any GNU/Linux distribution, you can the package manager to install them. For other operating systems, please install them from the official Wireshark downloads at https://www.wireshark.org/#download.
Familiarity with any programming language is good to get started with Lua.
Shakthi Kannan is a Free Software enthusiast who plays a Senior DevOps Engineer role at Aerospike, Bengaluru. He has developed the Aerospike Wireshark Lua plugin that is used for troubleshooting and network analysis. He is an avid promoter of Free (Libre) and Open Source Software, and blogs at shakthimaan.com. He holds a Masters degree in Information Technology from Rochester Institute of Technology.