Hi,
I have a proprietary, stream-oriented transport protocol, typically
used on serial links, which is difficult to "parse" by hand. The
protocol has port numbers, flags and sequence numbers (similar as
TCP). For TCP, wireshark offers lovely ways to view, analyze and
evaluate traffic. I would like to have the same for my serial
protocol.
Is wireshark suited to view, analyze and evaluate such a proprietary protocol?
I took a look to the documentation and read about dissectors. As far
as I understand essentially they could be implemented in C, Python or
Lua, is that right?
I'd guess a scripting language is more comfortable to use here, so I
think I'd try to learn the basics of Python or Lua to write some frame
decoder. Also, I think a small script file would be easier to pass
around (w/o requiring to recompile/relink wireshark). Is that true?
Since my protocol usually is not used on top of TCP (but plain serial
lines), I think I'd start with text2pcap with serial hex dumps, but as
far as I understood the resulting pcap file is expected to include
Ethernet frames, so I'd get a difficulty here?
Any comments appreciated,
Steffen