Wireshark-dev: Re: [Wireshark-dev] Lua Dissector Dev Tool

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Wed, 28 Mar 2018 17:36:34 +0200
Hi Markus,

2018-03-28 2:12 GMT+02:00 Markus Leballeux <markus.leballeux@xxxxxxxxx>:
Hello Wireshark Devs,

I am currently working on a lightweight Lua library called Wirebait (here on GitHub), which enables users to execute and step through their dissectors without needing Wireshark. All you need is data to dissect, which can either be a hexadecimal string representation of a UDP/TCP payload or a .pcap file.

I believe it is now "good enough" for other people to test and I am looking for kind souls to try the library and give me some feedback. In order to do so, you'll need the following:
  • Lua 5.3
  • a Lua dissector you want to test
  • a .pcap file or a hex string representing a UDP/TCP payload you want to dissect
If you do fulfill the requirements, getting set up should take less than a minute (more detailed instructions on the repo): 
  1. download wirebait.lua, 
  2. add a 5-line-snippet at the top of your dissector
  3. edit the snippet to read your .pcap or hex string
  4. you're ready to go: run your dissector and check out the dissection output
Even if you don't fulfill the requirements, you can still go to the Wirebait repo and try out the examples.

I would appreciate any form of feedback and/or suggestions.

Have a good one!

I'm not a Lua user but it definitely sounds interesting. One remark though (coming from someone not knowing much about Lua, so please forgive me if it's nonsense).
Wireshark only supports Lua 5.2.X, not Lua 5.3.X. So it only supports the older syntax and I understood there was some subtle differences between both. Isn't there a risk that your emunation behaves differently than Wireshark in some corner cases due to this?

Best regards,
Pascal.