wirebait's Introduction

WireBait

UPDATE: this repo is no longer supported. The concept is interesting, but bringing it to life would take time I don't want to allocate. I'll leave this repo out there for people to experiment with.

Lua library to facilitate the development of Wireshark dissectors by enabling users to run them against packet data without Wireshark. The packet data can come from a hexadecimal string or a .pcap file. The goal here is to provide a tool reducing development time when creating a new dissector.

The following is an example of output produced when running your dissector with WireBait as a "standalone" script.

------------------------------------------------------------------------------------------------------------------------------[[
No.         | Time                | Source            | Destination       | Protocol  | Length    | Info          
1           | 02:02:47.146635     | 192.168.0.1       | 255.255.255.255   | Demo      | 173       | 59121 → 7437  Len=32 

0E 07 DE 02 22 FC 03 19   75 5A 7F FF FF FF FF FF  |  Demo Protocol
FF 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |  └─ Unsigned integers:
                                                   |     └─ 8-bit uint: 14
                                                   |     └─ 16-bit uint: 2014
                                                   |     └─ 24-bit uint: 140028
                                                   |     └─ 32-bit uint: 52000090
                                                   |     └─ 64-bit uint: 9223372036854775807
]]------------------------------------------------------------------------------------------------------------------------------

Content

What does it do?
Requirements
Quick start
Examples
State of the project
What's next and how to contribute?
Licensing

What does it do?

It simply exposes the Wireshark Lua API and attempts to reproduce its behavior. As a result, your script becomes self-sufficient and you can execute it directly, without Wireshark. If you provide it with some data, it will print a text version of the dissection tree along with the payload in hexadecimal format. Now you can make changes to your dissector and see the effects immediately without leaving your Lua IDE!

Requirements

  • You have a Lua interpreter 5.2 or above
  • You have a dissector and data to test it (hex string or pcap file)
  • You have a Lua debugger (I like ZeroBrane Studio) [only a requirement for step by step debugging]

Note that WireBait does not interact at all with Wireshark.

Quick start

Getting started takes less than a minute:

  1. Make sure your Lua interpreter is 5.2 (in ZeroBrane Studio go to Project > Lua Interpreter and select Lua 5.2)
  2. Add the wirebaitlib/ directory to your Lua path
  3. Add the following snippet of code on top of the dissector you want to run/debug:
if disable_lua == nil and enable_lua == nil and not _WIREBAIT_ON_ then
  local wirebait = require("wirebaitlib");
  local dissector_tester = wirebait.new({only_show_dissected_packets=true});
  dissector_tester:dissectHexData("72ABE636AFC86572") -- To dissect hex data from a string (no pcap needed) 
  dissector_tester:dissectPcap("path_to_your_pcap_file.pcap") -- To dissect packets from a pcap file
  return
end
  4. Edit the code snippet and decide if your dissector should read hexadecimal data and/or a pcap file of your choice. Note that you can add this snippet in a file other than your dissector file. In this case you'll have to add an additional argument in the constructor of the dissector tester, specifying the path to your dissector file, like so:
local dissector_tester = wirebait.new({dissector_filepath="path_to_your_dissector.lua", only_show_dissected_packets=true});
  5. Execute your dissector script. Enjoy 😃 And please, feel free to give me feedback!

Examples

If you run the example dissector script demo_dissector.lua, which dissects the data provided as a hexadecimal string, you should get the following output:

------------------------------------------------------------------------------------------------------------------------------[[
Dissecting hexadecimal data (no pcap provided)

0E 07 DE 02 22 FC 03 19   75 5A 7F FF FF FF FF FF  |  Demo Protocol
FF FF F2 F8 22 FD DD 04   FC E6 8A A6 80 00 00 00  |  └─ Unsigned integers:
00 00 00 01 57 69 72 65   62 61 69 74 00 62 79 20  |     └─ 8-bit uint: 14
4D 61 72 6B 6F 50 61 75   6C 30 00 00 AA BB CC 11  |     └─ 16-bit uint: 2014
22 33 C0 A8 0E 1C AB CD   EF 12 34 56 78 90 AB CD  |     └─ 24-bit uint: 140028
EF 12 34 56 78 90 00 00   00 00 00 00 00 00 00 00  |     └─ 32-bit uint: 52000090
00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |     └─ 64-bit uint: 9223372036854775807
00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |  └─ Signed integers:
00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |     └─ 8-bit int: -14
00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |     └─ 16-bit int: -2014
00 00 00 00 00 00 00 00   00 00 00 00 00           |     └─ 24-bit int: -140028
                                                   |     └─ 32-bit int: -52000090
                                                   |     └─ 64-bit int: -9223372036854775807
                                                   |  └─ Strings:
                                                   |     └─ String: Wirebait
                                                   |     └─ Stringz: Wirebait
                                                   |  └─ Other types:
                                                   |     └─ bytes: aabbcc112233c0a80e1cabcdef1234567890abcdef1234567890...
                                                   |     └─ ethernet: aa:bb:cc:11:22:33
                                                   |     └─ IPv4: 192.168.14.28
                                                   |     └─ GUID: abcdef12-3456-7890-abcd-ef1234567890
]]------------------------------------------------------------------------------------------------------------------------------

In Wireshark the same dissection would look like this (screenshot omitted):

Something to note is that the hex string only contains the UDP (or TCP) payload, i.e. only the data to be dissected. No need to worry about making up ethernet, IP, or TCP/UDP headers.

Example 2 Dissecting data from a .pcap file

If you run the example dissector script demo_dissector2.lua, which dissects the same data as in the first example but provided by the demo.pcap file, you should get the same dissection output. One difference is that you will also get packet information that is provided by ethernet, IP, and TCP/UDP headers:

------------------------------------------------------------------------------------------------------------------------------[[
No.         | Time                | Source            | Destination       | Protocol  | Length    | Info          
1           | 02:02:47.146635     | 192.168.0.1       | 255.255.255.255   | Demo      | 173       | 59121 → 7437  Len=173 

0E 07 DE 02 22 FC 03 19   75 5A 7F FF FF FF FF FF  |  Demo Protocol
FF FF F2 F8 22 FD DD 04   FC E6 8A A6 80 00 00 00  |  └─ Unsigned integers:
.......<trimmed output, same as example 1>

State of the project

A few notes about the current state of the project:

  • TCP reassembly is not supported
  • Only ".pcap" files are supported
  • Pcap files must be written in native byte order

For more information you can check what I'm up to in the Project section.

What's next and how to contribute?

Right now I would like to collect feedback from Wireshark users. People who already have Lua dissectors can really help by running their dissectors using Wirebait. I would really appreciate any form of feedback about this tool.

I think - without having collected feedback yet - the next logical step is to expand Wirebait to enable users to unit test their dissectors. The clear-cut specifications of protocol definitions are in my opinion a schoolbook example of when unit-test-driven development makes sense. With unit tests, any protocol or dissector update can be tackled quickly while reducing the risk of introducing new bugs.

Licensing

WireBait for Wireshark is a Lua package to help create Wireshark dissectors.
Copyright (C) 2015-2017 Markus Leballeux

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. (Checkout the full license)

wirebait's People

Contributors

kahlkevin, markopaul0, pffang

wirebait's Issues

(Documentation) Quick start code doesn't work

Describe the bug
In the docs, there is an example snippet containing:

local dissector_tester = wirebait.plugin_tester.new({only_show_dissected_packets=true});
dissector_tester:dissectPcap("path_to_your_pcap_file.pcap");

To Reproduce
Run code as suggested.

Expected behavior
Working simulation of Wireshark.

Additional context
To get results, I do a:

local dissector_tester = wirebait.new({only_show_dissected_packets=true});
dissector_tester:dissectPcap("path_to_your_pcap_file.pcap");

Did the API change or am I missing something?
A simple text search for word plugin_tester yields absolutely nothing besides the example code.

[Question] How to add table for custom dissector

I recently came across this utility. Very awesome 👍

This is probably more of a Wireshark/Lua question, but what do you need to add to view bytes for a custom dissector using WireBait?

Using your demo_dissector.lua example, I can see all the bytes when using the following:

local udp_encap_table = DissectorTable.get("udp.port")
udp_encap_table:add(7437, alcxnet_protocol)

And when setting up my own dissector, it will dissect and display. However, what if I'm going to use a serial port and there are only 4 bytes to dissect? If I remove the udp table code, it will still dissect, but no bytes will show in output.

Any help is appreciated.

ProtoField doesn't support mask

ProtoField int and uint types don't support mask, so some bit values cannot be displayed correctly.

bitmask in WireBait:

|  MirrorLink Protocol
|  └─ MirrorLink Message Flag: 128
|  └─ Extension-type: DeviceStatus (11)
|  └─ Payload length: 4
|  └─ DeviceStatus: 
|     └─ ..............................00 = KeyLock: unknown (0)
|     └─ ..............................01 = DeviceLock: 8
|     └─ ..............................00 = Screensaver: unknown (0)
|     └─ ..............................00 = NightMode: unknown (0)
|     └─ ..............................11 = VoiceControl: 768
|     └─ ..............................01 = Microphone: 2048
|     └─ ..............................01 = DriverDistractionAvoidance: 131072
|     └─ .............................001 = AbsoluteFramebufferRotation: 67108864
|     └─ ..............................01 = FramebufferOrientation: 268435456

Correct bitmask in WireShark:

MirrorLink Protocol
    MirrorLink Message Flag: 128
    Extension-type: DeviceStatus (11)
    Payload length: 4
    DeviceStatus
        .... .... .... .... .... .... .... ..00 = KeyLock: unknown (0)
        .... .... .... .... .... .... .... 10.. = DeviceLock: disabled (2)
        .... .... .... .... .... .... ..00 .... = Screensaver: unknown (0)
        .... .... .... .... .... .... 00.. .... = NightMode: unknown (0)
        .... .... .... .... .... ..11 .... .... = VoiceControl: enabled (3)
        .... .... .... .... .... 10.. .... .... = Microphone: disabled (2)
        .... .... .... ..10 .... .... .... .... = DriverDistractionAvoidance: disabled (2)
        .... .100 .... .... .... .... .... .... = AbsoluteFramebufferRotation: 100 = 0º (4)
        ...1 0... .... .... .... .... .... .... = FramebufferOrientation: 10 = Landscape (2)

ProtoField: invalid value translation from value_map

There is an issue with the value mapping in Protofield.
For instance, Wirebait prints:

.... .... .... .... .... .... .... 10.. = DeviceLock: 8

but with the same input, Wireshark would print:

.... .... .... .... .... .... .... 10.. = DeviceLock: disabled (2)
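
Both reports above come down to one missing step: after ANDing the raw value with the field mask, Wireshark shifts the result down by the mask's trailing zero bits before looking it up in the value map. The following Lua sketch of that decoding is an added example, not WireBait or Wireshark code; the payload word 0x14020B08 and the field masks are assumptions inferred from the two outputs quoted above, and all function names are hypothetical.

```lua
-- Added example, not WireBait or Wireshark code. Plain arithmetic only, so it
-- runs on Lua 5.1 to 5.4 without bit32 or the 5.3 bitwise operators.

-- Value strings as they appear in the Wireshark output above; entry 1 is
-- taken from the dissector posted in another issue on this page.
local status_names = {[0] = "unknown", [1] = "reserved", [2] = "disabled", [3] = "enabled"}

-- Assumed masks, read off the bit patterns in the Wireshark output above.
local fields = {
  {name = "KeyLock",                     mask = 0x00000003, map = status_names},
  {name = "DeviceLock",                  mask = 0x0000000C, map = status_names},
  {name = "VoiceControl",                mask = 0x00000300, map = status_names},
  {name = "Microphone",                  mask = 0x00000C00, map = status_names},
  {name = "DriverDistractionAvoidance",  mask = 0x00030000, map = status_names},
  {name = "AbsoluteFramebufferRotation", mask = 0x07000000}, -- no map: numeric only
}

-- Bit i (0 = least significant) of a non-negative integer.
local function bit_at(x, i)
  return math.floor(x / 2 ^ i) % 2
end

-- raw AND mask with no shift: the number WireBait printed (8 for DeviceLock).
local function band(raw, mask)
  local out = 0
  for i = 0, 31 do
    if bit_at(raw, i) == 1 and bit_at(mask, i) == 1 then out = out + 2 ^ i end
  end
  return out
end

-- Masked value shifted down to bit 0, which is what the value map is keyed on.
local function masked_value(raw, mask)
  assert(mask > 0, "mask must be non-zero")
  local shift = 0
  while bit_at(mask, shift) == 0 do shift = shift + 1 end
  return math.floor(band(raw, mask) / 2 ^ shift)
end

-- 32-bit pattern in Wireshark's layout: field bits as 0/1, all others as dots.
local function bit_pattern(raw, mask)
  local groups = {}
  for hi = 31, 3, -4 do
    local g = ""
    for i = hi, hi - 3, -1 do
      if bit_at(mask, i) == 1 then
        g = g .. (bit_at(raw, i) == 1 and "1" or "0")
      else
        g = g .. "."
      end
    end
    groups[#groups + 1] = g
  end
  return table.concat(groups, " ")
end

-- One tree line: pattern, field name, then "label (value)" or the bare value.
local function describe(raw, field)
  local v = masked_value(raw, field.mask)
  local label = field.map and field.map[v]
  local text = label and string.format("%s (%d)", label, v) or string.format("%d", v)
  return string.format("%s = %s: %s", bit_pattern(raw, field.mask), field.name, text)
end

local raw = 0x14020B08 -- assumed payload word, consistent with both outputs above

for _, f in ipairs(fields) do
  print(describe(raw, f))
end

-- Self-checks against the two DeviceLock lines quoted in the report above.
assert(band(raw, 0x0C) == 8)          -- unshifted: what WireBait displayed
assert(masked_value(raw, 0x0C) == 2)  -- shifted: what the value map expects
assert(describe(raw, fields[2]) ==
  ".... .... .... .... .... .... .... 10.. = DeviceLock: disabled (2)")
```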

Bug in Int64.lua in tohex() method

Running luacheck against your codebase I discovered this one bug in the int64 related files.

int64\Int64.lua:228:23: accessing undefined variable 'hex_string'

I believe the variable 'hex_string' should be changed to 'hex_str'. I have not yet tested this change.

When use "dissectHexData()", cols of packet info is nil. And bitfield cannot work as in WireShark.

As the title

Here is my code:

if disable_lua == nil and not _WIREBAIT_ON_ then
  local wirebait = require("wirebait");
  local dissector_tester = wirebait.plugin_tester.new({only_show_dissected_packets=true});
  local STP = require "StackTracePlus"
  debug.traceback = STP.stacktrace
  --dissector_tester:dissectPcap("vr1.pcap");
  dissector_tester:dissectHexData("800b000414020b08");
  return
end

-- declare our protocol
local my_proto = Proto("MyProto", "My Protocol", "My Protocol")

local Status_of_Features	= {[0] = "unknown", [1] = "reserved", [2] = "disabled", [3] = "enabled" }

-- load the tcp.port table
local tcp_table = DissectorTable.get("tcp.port")

-- create a function to dissect it
function my_proto.dissector(tvbBuffer, pktInfo, rootTree)
  -- get the length of the packet buffer (Tvb).
  total_length = tvbBuffer:len()

  if total_length <4 then
    return 0
  end

  local bytes_consumed = 0
  
  local ext_type_range = tvbBuffer(1, 1)
  local ext_type = ext_type_range:uint()
  local payload_length_range = tvbBuffer(2, 2)
  local payload_length = payload_length_range:uint()
  
  local offset = 0
  
  if (ext_type < 23) and (4 + payload_length <= total_length) then
    --pktInfo.cols.info:set("MyProto : ") --bug 1
    bytes_consumed = 4 + payload_length
    offset = 4
  else    
    return 0
  end

  if ext_type == 11 then
    local payload = tvbBuffer(offset, payload_length)
    local ValueA = payload:bitfield(22,2)
    print(type(ValueA))
    print(tonumber(ValueA))
    print(ValueA)
    print(Status_of_Features[ValueA]) -- bug 2
    local ValueB = payload:bitfield(20,2)
    print(ValueB)
    print(Status_of_Features[ValueB])
    pktInfo.cols.info:append(", ValueA: " .. Status_of_Features[ValueA] .. ", ValueB: " .. Status_of_Features[ValueB])
  end

  if bytes_consumed > 0 then
    pktInfo.cols.protocol:set("MyProto")
  end

  return bytes_consumed
end

-- register our protocol to handle tcp port 5959
tcp_table:add(5959, my_proto)

'type(ValueA)' in WireShark is number, but table here.

Running Wireshark's example Lua dissector in WireBait errors with `attempt to call a nil value (global 'get_version')`

Hi, I am new to Lua and WireBait, so I apologize if I'm doing something particularly silly. My understanding is that WireBait more-or-less emulates Wireshark's Lua API so that we can run Lua dissectors and other Wireshark/tshark plugins without loading our Lua scripts as plugins in those programs.

Based on this assumption, I figured a simple "Hello world" test would be to see if I could run the Lua example dissector (dissector.lua) provided by the Wireshark wiki on its Lua/Examples page within WireBait.

So, I performed the following commands:

First, I created a .pcap file filled with several DNS packets at /tmp/dns.pcap:

# I use a proxy, hence the `lo` interface. But I assure you, there are DNS packets captured here.
tshark -i lo -f "udp port 53" -c 5 -w /tmp/dns.pcap

Then I attempted to run the example dissector as follows:

# Get the WireBait source code.
git clone https://github.com/MarkoPaul0/WireBait.git

# Get the Wireshark Lua example dissector.
curl -sL https://wiki.wireshark.org/Lua/Examples?action=AttachFile\&do=get\&target=dissector.lua > /tmp/dissector.lua

# Prepend the WireBait snippet as per its README.md file to the start of the dissector script.
# The path to the capture file should be `/tmp/dns.pcap` as per the capture file created earlier.
cat <<EOF > /tmp/wirebait-snippet.lua
if disable_lua == nil and not _WIREBAIT_ON_ then
    local wirebait = require("wirebait");
    local dissector_tester = wirebait.plugin_tester.new({only_show_dissected_packets=true});
    dissector_tester:dissectPcap("/tmp/dns.pcap");  --dissecting data from a pcap file
    return
end
EOF
cat /tmp/wirebait-snippet.lua /tmp/dissector.lua > /tmp/dissector-with-wirebait.lua

# Run the version of the example dissector with the WireBait snippet prepended.
LUA_PATH="$HOME/src/WireBait/wirebait.lua;;" lua /tmp/dissector-with-wirebait.lua

Unfortunately, I see the following error output upon this invocation of lua (with $HOME replacing the path to my home folder):

lua: /tmp/dissector-wirebait.lua:128: attempt to call a nil value (global 'get_version')
stack traceback:
        /tmp/dissector-wirebait.lua:128: in local 'dofile_func'
        $HOME/src/WireBait/wirebait.lua:1659: in field 'new'
        /tmp/dissector-wirebait.lua:3: in main chunk
        [C]: in ?

In case it is needed, here is my Lua version information:

$ lua -v
Lua 5.3.4  Copyright (C) 1994-2017 Lua.org, PUC-Rio

My suspicion is that the Wireshark get_version() function simply isn't implemented by WireBait (yet?) and hence the error, however, I really do not know for certain and cannot dig deeper at this exact moment. I would be happy to offer some additional feedback if you need or want it, though I cannot promise it. You asked for feedback from Wireshark users in your README, so…well, here's some that I hope helps!

Again, I'm not sure if you intended folks to use WireBait this way, but I figured it's probably not uncommon that someone might put two and two together from this repo and the Wireshark wiki's example files. It was the first thing that occurred to me to do, so I imagine it will probably occur to others to do this, as well.

Thanks for a neat project!

[Discussion] Just some personal opinions

When I see this project, I can't help but say WOW! It can speed up development because we needn't launch Wireshark any more. It will save at least 30s per run (I'm a Windows user).

I just tried the examples. It makes me excited. I want to use it to test my own dissector, which is written in Lua with SWIG bindings to C code (sounds pretty complex, because it is a protocol whose types are all arbitrary-width bits without any padding, so we use a parser I wrote before to parse the binary stream).

I have some questions about the project:

  1. In Windows, it seems that some weird characters are shown:
------------------------------------------------------------------------------------------------------------------------------[[

No.         | Time                | Source            | Destination       | Protocol  | Length    | Info
1           | 02:02:47.146635     | 192.168.0.1       | 255.255.255.255   | Demo      | 173       | 59121  7437  Len=173

 0E 07 DE 02 22 FC 03 19   75 5A 7F FF FF FF FF FF  |  Demo Protocol2
 FF FF F2 F8 22 FD DD 04   FC E6 8A A6 80 00 00 00  |  ÔööÔöÇ Unsigned integers:
 00 00 00 01 57 69 72 65   62 61 69 74 00 62 79 20  |     ÔööÔöÇ 8-bit uint: 14
 4D 61 72 6B 6F 50 61 75   6C 30 00 00 AA BB CC 11  |     ÔööÔöÇ 16-bit uint: 2014
 22 33 C0 A8 0E 1C AB CD   EF 12 34 56 78 90 AB CD  |     ÔööÔöÇ 24-bit uint: 140028
 EF 12 34 56 78 90 00 00   00 00 00 00 00 00 00 00  |     ÔööÔöÇ 32-bit uint: 52000090
 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |     ÔööÔöÇ 64-bit uint: 9223372036854775807
 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |  ÔööÔöÇ Signed integers:
 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |     ÔööÔöÇ 8-bit int: -14
 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |     ÔööÔöÇ 16-bit int: -2014
                                                    |     ÔööÔöÇ 24-bit int: -140028
                                                    |     ÔööÔöÇ 32-bit int: -52000090
                                                    |     ÔööÔöÇ 64-bit int: -9223372036854775807
                                                    |  ÔööÔöÇ Strings:
                                                    |     ÔööÔöÇ String: Wirebait
                                                    |     ÔööÔöÇ Stringz: Wirebait
                                                    |  ÔööÔöÇ Other types:
                                                    |     ÔööÔöÇ bytes: aabbcc112233c0a80e1cabcdef1234567890abcdef1234567890...
                                                    |     ÔööÔöÇ ethernet: aa:bb:cc:11:22:33
                                                    |     ÔööÔöÇ IPv4: 192.168.14.28
                                                    |     ÔööÔöÇ GUID: abcdef12-3456-7890-abcd-ef1234567890
]]------------------------------------------------------------------------------------------------------------------------------


------------------------------------------------------------------------------------------------------------------------------[[

No.         | Time                | Source            | Destination       | Protocol  | Length    | Info
14          | 02:02:50.206687     | 192.168.0.1       | 255.255.255.255   | Demo      | 173       | 59121  7437  Len=173

 0E 07 DE 02 22 FC 03 19   75 5A 7F FF FF FF FF FF  |  Demo Protocol2
 FF FF F2 F8 22 FD DD 04   FC E6 8A A6 80 00 00 00  |  ÔööÔöÇ Unsigned integers:
 00 00 00 01 57 69 72 65   62 61 69 74 00 62 79 20  |     ÔööÔöÇ 8-bit uint: 14
 4D 61 72 6B 6F 50 61 75   6C 30 00 00 AA BB CC 11  |     ÔööÔöÇ 16-bit uint: 2014
 22 33 C0 A8 0E 1C AB CD   EF 12 34 56 78 90 AB CD  |     ÔööÔöÇ 24-bit uint: 140028
 EF 12 34 56 78 90 00 31   2E 30 32 2E 36 35 2E 00  |     ÔööÔöÇ 32-bit uint: 52000090
 00 00 00 00 00 00 00 00   00 00 00 00 00 01 00 00  |     ÔööÔöÇ 64-bit uint: 9223372036854775807
 00 01 00 00 00 02 00 00   00 02 00 00 00 00 00 00  |  ÔööÔöÇ Signed integers:
 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |     ÔööÔöÇ 8-bit int: -14
 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  |     ÔööÔöÇ 16-bit int: -2014
                                                    |     ÔööÔöÇ 24-bit int: -140028
                                                    |     ÔööÔöÇ 32-bit int: -52000090
                                                    |     ÔööÔöÇ 64-bit int: -9223372036854775807
                                                    |  ÔööÔöÇ Strings:
                                                    |     ÔööÔöÇ String: Wirebait
                                                    |     ÔööÔöÇ Stringz: Wirebait
                                                    |  ÔööÔöÇ Other types:
                                                    |     ÔööÔöÇ bytes: aabbcc112233c0a80e1cabcdef1234567890abcdef1234567890...
                                                    |     ÔööÔöÇ ethernet: aa:bb:cc:11:22:33
                                                    |     ÔööÔöÇ IPv4: 192.168.14.28
                                                    |     ÔööÔöÇ GUID: abcdef12-3456-7890-abcd-ef1234567890
]]------------------------------------------------------------------------------------------------------------------------------

I should read the code to check why.
  2. Do you have any plan to provide a new feature which can be used to validate the dissector? For now, I think there is no way to validate a dissector automatically. A workaround may look like this: read a pcap file and print it with WireBait, then check the output by comparing it with a previously defined string. It is not that easy to write such strings... Every character must be written, including the '-' characters and tabs.

Just my own opinions. Thanks for this project!

[BUG] wireshark lua ftypes builtin not found

Describe the bug
ftypes builtin not found

To Reproduce

  1. Using the example lua dissector:
    wiki.wireshark.org/Lua/Examples?action=AttachFile&do=get&target=dissector.lua
    (via this SO answer)

  2. Add the recommended snippet to import wirebaitlib

Expected behavior
I expect wirebait to include ftypes, mentioned here:
https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Proto.html#lua_class_DissectorTable

Additional context
The demo_dissector.lua example works wonderfully

Attempting to use `Field` object in Lua dissector results in error: `attempt to index a nil value (global 'Field')`

Similar to issue #3, a Lua dissector plugin that attempts to use the Field() object from the Lua API (which, admittedly, is poorly documented) returns an error.

This command:

LUA_PATH="$HOME/src/WireBait/wirebait.lua;;" lua ~/src/ntalk-dissector/talk.lua 

produces this error output:

lua: $HOME/src/ntalk-dissector/talk.lua:72: attempt to index a nil value (global 'Field')
stack traceback:
        $HOME/src/ntalk-dissector/talk.lua:72: in local 'dofile_func'
        $HOME/src/WireBait/wirebait.lua:1659: in field 'new'
        $HOME/src/ntalk-dissector/talk.lua:17: in main chunk
        [C]: in ?

($HOME is my home folder.)

The talk.lua script is this Lua plugin dissector.

(As per usual, let me know if this kind of feedback is welcome. I can stop creating issues here if it is not.)

demo_dissector.lua: bad argument #1 to 'getupvalue'

Hi, I am new to Lua and WireBait. I'm working on Windows with Lua 5.3.4 and WireBait 2.0.0. I get an error when running the demo_dissector.lua example:

set LUA_PATH=\Lua\WireBait-2.0.0\wirebait.lua
Lua\lua53.exe \Lua\WireBait-2.0.0\example\demo_dissector.lua
\Lua\lua53.exe: \Lua\WireBait-2.0.0\wirebait.lua:62: bad argument #1 to 'getupvalue' (function expected, got nil)
stack traceback:
    [C]: in function 'debug.getupvalue'
    \Lua\WireBait-2.0.0\wirebait.lua:62: in function 'setfenv'
    \Lua\WireBait-2.0.0\wirebait.lua:1540: in field 'new'
    \Lua\WireBait-2.0.0\example\demo_dissector.lua:29: in main chunk
    [C]: in ?

How can I fix this please?

Example code not working

Like many others I'm new to lua and wireshark dissectors. I wish I had found this repo sooner, seems like a gem to me for helping me write the dissector more efficiently! Anyway, I'm trying to run quickstart example one but it errors (see below)

Describe the bug
image

To Reproduce
use commit: 2ca227c
try to run example code as shown in screenshot

Expected behavior
work as described in the readme 🙏

PS: Example 2 using the pcap has a similar error


Program completed in 1.87 seconds (pid: 5189).
...ZeroBraneStudio/lualibs/wirebaitlib/primitives/Utils.lua:58: attempt to index global 'bit32' (a nil value)
stack traceback:
	...ZeroBraneStudio/lualibs/wirebaitlib/primitives/Utils.lua: in function 'getSrcIP'
	...aneStudio/lualibs/wirebaitlib/packet_info/PacketInfo.lua:72: in function 'new'
	...Studio/lualibs/wirebaitlib/dissector/DissectorRunner.lua:211: in function 'dissectPcap'
	...ualibs/wirebaitlib/dissector/example/demo_dissector2.lua:34: in main chunk
Debugging session completed (traced 0 instructions).
