LinuxDays 2024

Showing Custom Protocols in Wireshark
10-12, 15:30–16:20 (Europe/Prague), 344
Language: English

We'll extend Wireshark using its Lua API to handle custom protocols.


Maybe you've implemented your own protocol, maybe you bought some strange IoT appliance - you want to analyze network traffic to understand what is going on. Wireshark is just the right tool for that. But there are some protocols it can't know, and so you need to extend it.

In this workshop we'll see that it's easy to make Wireshark understand new protocols using its Lua API. We'll start with a simple UDP protocol and see how to deal with TCP's streaming nature.

Prerequisites:
- a working Wireshark installation
- optionally Python 3 to run traffic generators (recorded traffic will be provided as an alternative)
- Lua knowledge not necessary


Difficulty

Advanced

I live in Dresden, Germany, where I work as a backend engineer at Staffbase. I speak Czech, German and English, feel free to say hi!