Wireshark Lua Fixed Field Length Dissector: fl-dissector
Malware Analysis, News and Indicators - Latest topics malware.news
I developed a Wireshark dissector (fl-dissector) in Lua to dissect TCP protocols with fixed field lengths. The dissector is controlled through protocol preferences and Lua script arguments.
The port number is an essential argument; if you don't provide it, the default port number 1234 will be used.
Example for TCP port 50500: -X lua_script1:port:50500.
The protocol name (default fldissector) can be changed with argument protocolname: -X lua_script1:protocolname:firmware.
The length of the fields can be changed via the protocol preferences dialog:
Field …
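A minimal sketch of the design described above, as an added example (this is not the fl-dissector source): a Lua dissector that takes port and protocolname from -X lua_script1: arguments and splits the TCP payload using lengths read from a protocol preference. The preference name "lengths", its comma-separated format and the default value 1,1,2,4 are assumptions made for illustration.

```lua
-- Added example, not the fl-dissector code. Defaults 1234 and "fldissector"
-- are the ones stated on the page; everything else is assumed.
local port, protocolname = 1234, "fldissector"

-- Wireshark hands each "-X lua_scriptN:<text>" string to the script as a vararg.
for _, arg in ipairs({...}) do
    local key, value = arg:match("^(%w+):(.+)$")
    if key == "port" then
        port = tonumber(value) or port
    elseif key == "protocolname" then
        protocolname = value
    end
end

local proto = Proto(protocolname, protocolname .. " (fixed field lengths)")
local f_field = ProtoField.bytes(protocolname:lower() .. ".field", "Field")
proto.fields = { f_field }

-- Hypothetical preference: comma-separated field lengths in bytes.
proto.prefs.lengths = Pref.string("Field lengths", "1,1,2,4",
    "Comma-separated lengths of the consecutive fields, in bytes")

local function field_lengths()
    local lengths = {}
    for n in proto.prefs.lengths:gmatch("%d+") do
        local len = tonumber(n)
        if len > 0 then lengths[#lengths + 1] = len end   -- ignore zero-length entries
    end
    return lengths
end

function proto.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = protocolname
    local subtree = tree:add(proto, tvb())
    local offset, remaining = 0, tvb:len()
    for i, len in ipairs(field_lengths()) do
        if remaining == 0 then break end
        -- Never request more bytes than the segment holds; flag short fields instead.
        local take = math.min(len, remaining)
        local item = subtree:add(f_field, tvb(offset, take))
        item:prepend_text("#" .. i .. " ")
        if take < len then
            item:add_expert_info(PI_MALFORMED, PI_WARN, "Field shorter than configured length")
        end
        offset, remaining = offset + take, remaining - take
    end
    if remaining > 0 then
        subtree:add(f_field, tvb(offset, remaining)):append_text(" (trailing data)")
    end
end

DissectorTable.get("tcp.port"):add(port, proto)
```

This sketch dissects each TCP segment on its own and does no reassembly, so a record that spans two segments shows up as a truncated field followed by trailing data.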