Code Monkey home page Code Monkey logo

plus-dissector's Introduction

Usage of the Wireshark dissector for PLUS

The next few sections describe the installation and usage of the PLUS dissector for Wireshark.

Installation of PLUS dissector

  1. Download and install a recent version of Wireshark.
  2. Open Wireshark.
  3. Looking for the path to the plugins in Wireshark by menu Help > About Wireshark > Folders.
  4. Open or create the folder for the Personal Plugins, got from the step before.
  5. Copy the Lua script plus.lua for the PLUS Wireshark dissector into the Personal Plugins folder.
  6. Restart Wireshark to activate the plugin. No error message at start may appear.
  7. To check the activation of the plugin, open menu Help > About Wireshark > Plugins and search for the plus.lua plugin.

Installation of PLUS dissector with QUIC transport layer

It is the same procedure as in the section before, but instead of copy the Lua script plus.lua, take the file plus_quic.lua.

Actually, the dissection in plus_quic.lua is hardcoded to dissect the next layer always as QUIC, even when there isn't QUIC.

Dissectors plus.lua and plus_quic.lua can't be enabled at the same time.

Usage of PLUS dissector

The dissector is looking for the magic id of the PLUS layer. If the magic id 0xd8007ff is present, the dissector is automatically applied on the packet, independent of the UDP port.

To manually dissect a packet as a PLUS packet, make a right click on a packet and choose Decode as.... Search for the PLUS protocol and set it there.

The following filter criteria can be applied as display or capture filters for the fields of PLUS:

Filter Criteria Description
plus.magic_id Magic ID of the PLUS protocol
plus.flags.lola Latency sensitive, when set
plus.flags.roi Not sensitive to reordering, when set
plus.flags.stop Stop the association, when set
plus.flags.extended Extended header follows, when set
plus.cat Connection/Association token for the PLUS association
plus.psn Packet Serial Number
plus.pse Packet Serial Echo
plus.pcftype Path Communication Function Type
plus.pcflength Path Communication Function Length
plus.pcfii Path Communication Function Integrity Indication
plus.pcfvalue Path Communication Function Value
plus.data Data of higher layer

plus-dissector's People

Stargazers

swananan avatar

Watchers

James Cloos avatar

Forkers

2035go

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.