用 Lua 编写 Wireshark 插件，分析自定义协议

参见:

https://yoursunny.com/study/IS409/ScoreBoard.htm

https://wiki.wireshark.org/LuaAPI/TreeItem

https://www.cnblogs.com/zzqcn/p/4840589.html

foo.lua

--https://www.cnblogs.com/zzqcn/p/4840589.html

-- @brief Foo Protocol dissector plugin

-- @author zzq

-- @date 2015.08.12

-- create a new dissector

-- Protocol identity: NAME doubles as the display-filter prefix, and PORT is
-- the TCP port the test client and server on this page talk over.
local NAME = "foo"
local PORT = 27015

local foo = Proto(NAME, "Foo Protocol")

-- Build "<NAME>.<field>" filter abbreviations in one place.
local function abbrev(suffix)
    return NAME .. "." .. suffix
end

-- Header fields, registered on the protocol in wire order.
local fields = foo.fields

fields.type   = ProtoField.uint8 (abbrev("type"),   "Type")
fields.flags  = ProtoField.uint8 (abbrev("flags"),  "Flags")
fields.seqno  = ProtoField.uint16(abbrev("seqno"),  "Seq No.")
-- Carried as text, not as a packed 4-byte address, hence a string field.
fields.ipaddr = ProtoField.string(abbrev("ipaddr"), "IPv4 Address")

-- dissect packet

-- dissect packet

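--- Dissect one Foo message: type (1 byte), flags (1), seqno (2), ipaddr (text).
-- The buffer comes straight off the wire, so every read is bounded by the
-- length actually present; a short or foreign payload must not raise a Lua
-- error half-way through the tree.
-- NOTE(review): no TCP reassembly is requested here, so a message split
-- across segments is dissected piecewise.
-- @param tvb   Tvb with the bytes handed to this dissector
-- @param pinfo Pinfo of the packet; only the protocol column is written
-- @param tree  TreeItem the Foo subtree is attached to
-- @return 0 (buffer rejected) when fewer than 4 header bytes are present;
--         otherwise nothing, as before
function foo.dissector (tvb, pinfo, tree)
    local HEADER_LEN = 4    -- type + flags + seqno
    local IPADDR_MAX = 32   -- the sender's ipaddr buffer is char[32] (IP_LEN)

    local available = tvb:len()
    if available < HEADER_LEN then
        -- Too short to hold the fixed header: leave it to other dissectors.
        return 0
    end

    local subtree = tree:add(foo, tvb())
    local offset = 0

    -- show protocol name in protocol column
    pinfo.cols.protocol = foo.name

    -- dissect fields one by one, and add them to the protocol tree
    -- (named msg_type so the builtin type() is not shadowed)
    local msg_type = tvb(offset, 1)
    subtree:add(fields.type, msg_type)
    subtree:append_text(", type: " .. msg_type:uint())
    offset = offset + 1

    subtree:add(fields.flags, tvb(offset, 1))
    offset = offset + 1

    -- The client on this page sends the raw struct from a Windows host, so
    -- seqno arrives in little-endian order; add() would decode 323 as 17153.
    subtree:add_le(fields.seqno, tvb(offset, 2))
    offset = offset + 2

    -- ipaddr is text of up to IPADDR_MAX bytes; take what is present and
    -- never ask for a range past the end of the buffer.
    local remaining = available - offset
    if remaining > 0 then
        subtree:add(fields.ipaddr, tvb(offset, math.min(remaining, IPADDR_MAX)))
    end
end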

-- register this dissector

-- Bind the dissector to TCP port PORT. The match is by port number only, so
-- any traffic on that port is handed to foo.dissector, Foo or not.
local tcp_port_table = DissectorTable.get("tcp.port")
tcp_port_table:add(PORT, foo)

client.c

#define WIN32_LEAN_AND_MEAN

#include <windows.h>

#include <winsock2.h>

#include <ws2tcpip.h>

#include <stdlib.h>

#include <stdio.h>

#include <stdint.h>

// Need to link with Ws2_32.lib, Mswsock.lib, and Advapi32.lib

#pragma comment (lib, "Ws2_32.lib")

#pragma comment (lib, "Mswsock.lib")

#pragma comment (lib, "AdvApi32.lib")

#define DEFAULT_BUFLEN 512

#define DEFAULT_PORT "27015"

#define IP_LEN 32

/*
 * In-memory image of one Foo message. client.c sends this struct's raw bytes,
 * so the member order and sizes below are the wire layout.
 * NOTE(review): assumes natural alignment adds no padding (1 + 1 + 2 + IP_LEN
 * bytes) -- confirm for the compiler in use.
 */
struct tagFoo {

/* Message type; first byte of the message. */
uint8_t type;

/* Flag bits; second byte. */
uint8_t flags;

/* Sequence number; stored in host byte order unless the sender converts it. */
uint16_t seqno;

/* Dotted-quad address as text, in a fixed IP_LEN-byte buffer. */
char ipaddr[IP_LEN];

};

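/*
 * Test client: connect to <server-name> on DEFAULT_PORT over TCP, send one
 * struct tagFoo message, then read until the peer closes the connection.
 *
 * argv[1] is the server host name or address.
 * Returns 0 on success and 1 on any failure.
 */
int __cdecl main(int argc, char **argv)
{
    WSADATA wsaData;
    SOCKET ConnectSocket = INVALID_SOCKET;
    struct addrinfo *result = NULL,
                    *ptr = NULL,
                    hints;
    struct tagFoo sendbuf;
    char recvbuf[DEFAULT_BUFLEN];
    int iResult;
    int recvbuflen = DEFAULT_BUFLEN;

    /* sizeof yields size_t; cast so the value matches the format specifier. */
    printf("%u", (unsigned)sizeof(struct tagFoo));

    /*
     * Build the message on the stack and zero all of it first, so no
     * uninitialised bytes (unused tail of ipaddr, any padding) go on the wire.
     */
    ZeroMemory(&sendbuf, sizeof(sendbuf));
    sendbuf.type = 1;
    sendbuf.flags = 2;
    /* Sent in host byte order (little-endian on Windows); a decoder has to
       read it that way, or the sender has to convert to network order. */
    sendbuf.seqno = 323;
    /* The literal is 13 characters plus NUL, well inside IP_LEN. */
    strcpy(sendbuf.ipaddr, "192.168.1.158");

    // Validate the parameters
    if (argc != 2) {
        printf("usage: %s server-name\n", argv[0]);
        return 1;
    }

    // Initialize Winsock
    iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
    if (iResult != 0) {
        printf("WSAStartup failed with error: %d\n", iResult);
        return 1;
    }

    ZeroMemory(&hints, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;

    // Resolve the server address and port
    iResult = getaddrinfo(argv[1], DEFAULT_PORT, &hints, &result);
    if (iResult != 0) {
        printf("getaddrinfo failed with error: %d\n", iResult);
        WSACleanup();
        return 1;
    }

    // Attempt to connect to an address until one succeeds
    for (ptr = result; ptr != NULL; ptr = ptr->ai_next) {
        // Create a SOCKET for connecting to server
        ConnectSocket = socket(ptr->ai_family, ptr->ai_socktype,
                               ptr->ai_protocol);
        if (ConnectSocket == INVALID_SOCKET) {
            /* WSAGetLastError() returns int, so %d rather than %ld. */
            printf("socket failed with error: %d\n", WSAGetLastError());
            freeaddrinfo(result);
            WSACleanup();
            return 1;
        }

        // Connect to server.
        iResult = connect(ConnectSocket, ptr->ai_addr, (int)ptr->ai_addrlen);
        if (iResult == SOCKET_ERROR) {
            closesocket(ConnectSocket);
            ConnectSocket = INVALID_SOCKET;
            continue;
        }
        break;
    }

    freeaddrinfo(result);

    if (ConnectSocket == INVALID_SOCKET) {
        printf("Unable to connect to server!\n");
        WSACleanup();
        return 1;
    }

    /*
     * Send the whole message. The length is the size of the struct itself;
     * taking sizeof of a pointer to it would send only 4 or 8 bytes.
     */
    iResult = send(ConnectSocket, (const char *)&sendbuf, (int)sizeof(sendbuf), 0);
    if (iResult == SOCKET_ERROR) {
        printf("send failed with error: %d\n", WSAGetLastError());
        closesocket(ConnectSocket);
        WSACleanup();
        return 1;
    }

    printf("Bytes Sent: %d\n", iResult);

    // shutdown the connection since no more data will be sent
    iResult = shutdown(ConnectSocket, SD_SEND);
    if (iResult == SOCKET_ERROR) {
        printf("shutdown failed with error: %d\n", WSAGetLastError());
        closesocket(ConnectSocket);
        WSACleanup();
        return 1;
    }

    // Receive until the peer closes the connection
    do {
        iResult = recv(ConnectSocket, recvbuf, recvbuflen, 0);
        if (iResult > 0)
            printf("Bytes received: %d\n", iResult);
        else if (iResult == 0)
            printf("Connection closed\n");
        else
            printf("recv failed with error: %d\n", WSAGetLastError());
    } while (iResult > 0);

    // cleanup
    closesocket(ConnectSocket);
    WSACleanup();

    return 0;
}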

server.c

#undef UNICODE

#define WIN32_LEAN_AND_MEAN

#include <windows.h>

#include <winsock2.h>

#include <ws2tcpip.h>

#include <stdlib.h>

#include <stdio.h>

// Need to link with Ws2_32.lib

#pragma comment (lib, "Ws2_32.lib")

// #pragma comment (lib, "Mswsock.lib")

#define DEFAULT_BUFLEN 512

#define DEFAULT_PORT "27015"

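/*
 * Test server: listen on DEFAULT_PORT, accept a single TCP client and echo
 * back everything it sends until the client shuts down its side.
 *
 * getaddrinfo(NULL, ...) with AI_PASSIVE yields the wildcard address, so the
 * listener is reachable on every local interface and echoes to any peer.
 *
 * Returns 0 on success and 1 on any failure.
 */
int __cdecl main(void)
{
    WSADATA wsaData;
    int iResult;

    SOCKET ListenSocket = INVALID_SOCKET;
    SOCKET ClientSocket = INVALID_SOCKET;

    struct addrinfo *result = NULL;
    struct addrinfo hints;

    int iSendResult;
    int sent;
    char recvbuf[DEFAULT_BUFLEN];
    int recvbuflen = DEFAULT_BUFLEN;

    // Initialize Winsock
    iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
    if (iResult != 0) {
        printf("WSAStartup failed with error: %d\n", iResult);
        return 1;
    }

    ZeroMemory(&hints, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;
    hints.ai_flags = AI_PASSIVE;

    // Resolve the server address and port
    iResult = getaddrinfo(NULL, DEFAULT_PORT, &hints, &result);
    if (iResult != 0) {
        printf("getaddrinfo failed with error: %d\n", iResult);
        WSACleanup();
        return 1;
    }

    // Create a SOCKET for the listener
    ListenSocket = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
    if (ListenSocket == INVALID_SOCKET) {
        /* WSAGetLastError() returns int, so %d rather than %ld. */
        printf("socket failed with error: %d\n", WSAGetLastError());
        freeaddrinfo(result);
        WSACleanup();
        return 1;
    }

    // Setup the TCP listening socket
    iResult = bind(ListenSocket, result->ai_addr, (int)result->ai_addrlen);
    if (iResult == SOCKET_ERROR) {
        printf("bind failed with error: %d\n", WSAGetLastError());
        freeaddrinfo(result);
        closesocket(ListenSocket);
        WSACleanup();
        return 1;
    }

    freeaddrinfo(result);

    iResult = listen(ListenSocket, SOMAXCONN);
    if (iResult == SOCKET_ERROR) {
        printf("listen failed with error: %d\n", WSAGetLastError());
        closesocket(ListenSocket);
        WSACleanup();
        return 1;
    }

    // Accept a client socket
    ClientSocket = accept(ListenSocket, NULL, NULL);
    if (ClientSocket == INVALID_SOCKET) {
        printf("accept failed with error: %d\n", WSAGetLastError());
        closesocket(ListenSocket);
        WSACleanup();
        return 1;
    }

    // No longer need server socket
    closesocket(ListenSocket);

    // Receive until the peer shuts down the connection
    do {
        /* recv is capped at recvbuflen, the size of recvbuf. */
        iResult = recv(ClientSocket, recvbuf, recvbuflen, 0);
        if (iResult > 0) {
            printf("Bytes received: %d\n", iResult);

            // Echo the buffer back to the sender. send() may accept fewer
            // bytes than asked for, so keep going until all are written.
            sent = 0;
            while (sent < iResult) {
                iSendResult = send(ClientSocket, recvbuf + sent, iResult - sent, 0);
                if (iSendResult == SOCKET_ERROR) {
                    printf("send failed with error: %d\n", WSAGetLastError());
                    closesocket(ClientSocket);
                    WSACleanup();
                    return 1;
                }
                sent += iSendResult;
            }
            printf("Bytes sent: %d\n", sent);
        }
        else if (iResult == 0)
            printf("Connection closing...\n");
        else {
            printf("recv failed with error: %d\n", WSAGetLastError());
            closesocket(ClientSocket);
            WSACleanup();
            return 1;
        }
    } while (iResult > 0);

    // shutdown the connection since we're done
    iResult = shutdown(ClientSocket, SD_SEND);
    if (iResult == SOCKET_ERROR) {
        printf("shutdown failed with error: %d\n", WSAGetLastError());
        closesocket(ClientSocket);
        WSACleanup();
        return 1;
    }

    // cleanup
    closesocket(ClientSocket);
    WSACleanup();

    return 0;
}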