Wireshark – Do you know? Define a simple custom protocol Luigi Taglione May 2015


Index

- Context
- Why?
- Do you know?
- Example
- Bibliography

Context 1/2

[Diagram: Obj 1 and Obj N exchange Msg(Obj1,ObjN) and Msg(ObjN,Obj1), each carried as a binary sequence such as 10101010101]

Sometimes, when two or more objects want to exchange information, they use a communication protocol.

Context 2/2

[Sequence diagram: OBJ1 and OBJN exchanging msg1, msg2 and msg3]

When we want to analyze or test the communication between two or more objects, we need to pull the messages out of the traffic.

We suppose that the communication runs over Ethernet.

Wireshark [3] is a useful tool for analyzing communication protocols.

Why?

Do you know? 1/5

Message flow

Do you know? 2/5

Message protocol

Do you know? 3/5

Message binary data

Now?

Big problem. In general, Wireshark doesn't know our custom protocol!!!

The next step, probably, is to copy the binary data, paste it into UltraEdit in hex mode, and then parse it by hand!!!! Help me!!!!!

The probability of making a mistake that way is close to 100%.

Do you know? 4/5

No problem. There is a solution.

Do you know the Lua language [1]?

It's a scripting language, like Python, and Wireshark can run it.

What does that mean? We can define our custom protocol inside Wireshark!!!!

Do you know? 5/5

Data Protocol:

- UDP destination port 2;
- Count, unsigned integer, 4 bytes;
- Time, unsigned integer, 8 bytes;

Example 1/9

[Diagram: message layout with the two fields, count followed by time]

With a text editor [2], we create a Lua file in the Wireshark home directory, for example myprotocol.lua.

Open the file init.lua in the Wireshark home directory.

Append the following line at the end of the file (straight double quotes, as Lua expects):

dofile(DATA_DIR.."myprotocol.lua")

Save and close init.lua.

Example 2/9

Example 3/9

[Slide image: our message struct (myprotocol.lua)]

Example 4/9

[Slide image: message fields (myprotocol.lua)]

Example 5/9

[Slide image: message buffer to message struct (myprotocol.lua)]

Example 6/9

[Slide image: protocol property (myprotocol.lua)]
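Because the slides show myprotocol.lua only as images, here is an added Lua dissector for the same protocol (UDP port 2, Count as a 4-byte unsigned integer, Time as an 8-byte unsigned integer). It is example code, not the author's file: the field names myproto.count and myproto.time, the big-endian byte order and the length check are assumptions of this example.

```lua
-- Added example, not the deck's own myprotocol.lua.
-- Protocol from the slides: UDP port 2, Count = uint32, Time = uint64.
-- Assumed here: field names myproto.*, network (big-endian) byte order.

local myproto = Proto("myproto", "My Custom Protocol")

-- Declaring the fields makes them appear in the packet tree and usable
-- in display filters. ProtoField values are read big-endian by ':add';
-- use ':add_le' below instead if the sender writes little-endian.
local f_count = ProtoField.uint32("myproto.count", "Count", base.DEC)
local f_time  = ProtoField.uint64("myproto.time",  "Time",  base.DEC)
myproto.fields = { f_count, f_time }

local MSG_LEN = 4 + 8  -- fixed-size message: Count (4) + Time (8)

function myproto.dissector(buffer, pinfo, tree)
    -- Never read past the end of a short or truncated datagram:
    -- flag it as malformed instead of dissecting garbage.
    if buffer:len() < MSG_LEN then
        local t = tree:add(myproto, buffer(), "My Custom Protocol (truncated)")
        t:add_expert_info(PI_MALFORMED, PI_ERROR,
            "message shorter than " .. MSG_LEN .. " bytes")
        return 0
    end

    pinfo.cols.protocol = myproto.name
    local subtree = tree:add(myproto, buffer(0, MSG_LEN), "My Custom Protocol")
    subtree:add(f_count, buffer(0, 4))   -- bytes 0..3  : Count
    subtree:add(f_time,  buffer(4, 8))   -- bytes 4..11 : Time

    -- Show the decoded values in the Info column as well.
    pinfo.cols.info = string.format("count=%d time=%s",
        buffer(0, 4):uint(), tostring(buffer(4, 8):uint64()))
    return MSG_LEN
end

-- Hand every UDP packet on port 2 to this dissector (the port chosen in the slides).
DissectorTable.get("udp.port"):add(2, myproto)
```

Once loaded through init.lua, the fields can be used in display filters such as myproto.count == 1 or myproto.time > 1000, which is what the filter slide at the end of the example relies on.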

Example 7/9

count

Just our protocol!!!!

Example 8/9

time

Just our protocol!!!!

Example 9/9

filter

Bibliography

[1] www.lua.org
[2] www.eclipse.org/koneki/ldt
[3] www.wireshark.org/download.html