I'm writing a dissector (to be added to DissectorTable.get("tcp.port")) for a TCP-based application. I've gone through the Wireshark API doc but could not find out how to get the TCP header's info like
UPDATE:
Based on the answer, I've put an example snippet here. Just FYI.
local proto = Proto("myproto", "my proto")
-- ...
-- ...
--
-- A Field object can only be created *outside* of the callback
-- functions of dissectors, post-dissectors, heuristic-dissectors,
-- and taps.
--
local F_tcp_seq_rel = Field.new('tcp.seq')     -- relative seq num
local F_tcp_seq_raw = Field.new('tcp.seq_raw') -- raw seq num

function proto.dissector(tvbuf, pinfo, tree)
    -- ...
    -- ...
    -- Calling the extractor returns a FieldInfo for the current packet
    -- (or nil if the field is absent); use .value to get the number.
    local seq_rel = F_tcp_seq_rel() -- yes the Field object is callable!
    local seq_raw = F_tcp_seq_raw()
    -- ...
    -- ...
end

DissectorTable.get("tcp.port"):add(12345, proto)
The way to get any field data, TCP or otherwise, is via a Field Extractor. So for example:
local tcp_flags_syn = Field.new("tcp.flags.syn")
local tcp_flags_ack = Field.new("tcp.flags.ack")
-- If you want relative sequence/acknowledgment numbers:
local tcp_seq = Field.new("tcp.seq")
local tcp_ack = Field.new("tcp.ack")
-- If you want absolute sequence/acknowledgment numbers:
local tcp_seq_raw = Field.new("tcp.seq_raw")
local tcp_ack_raw = Field.new("tcp.ack_raw")
If you need additional help using these fields, you may want to look at some of the Lua examples provided on the Wireshark Examples and/or Contrib wiki pages.
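As an added, self-contained illustration of the answer above (not code from the question, the answer, or the Wireshark project), here is a minimal port-based dissector that reads TCP header fields through Field extractors, handles the case where an extractor returns nil, and surfaces the values in the packet tree and Info column. The protocol name "example_app" and port 12345 are constructed for this example.

```lua
-- Added example: minimal TCP-port dissector that consumes TCP header
-- fields via Field extractors. Names and the port are constructed.
local example_proto = Proto("example_app", "Example App over TCP")

local pf_payload_len = ProtoField.uint32("example_app.payload_len", "Payload length", base.DEC)
local pf_tcp_seq_raw = ProtoField.uint32("example_app.tcp_seq_raw", "Raw TCP sequence number", base.DEC)
example_proto.fields = { pf_payload_len, pf_tcp_seq_raw }

-- Field extractors must be created at script load time, outside any
-- dissector callback (the TCP dissector fills these in before handing
-- the payload to a tcp.port subdissector).
local f_tcp_syn     = Field.new("tcp.flags.syn")  -- boolean field
local f_tcp_ackflag = Field.new("tcp.flags.ack")  -- boolean field
local f_tcp_seq_raw = Field.new("tcp.seq_raw")    -- absolute seq number
local f_tcp_ack_raw = Field.new("tcp.ack_raw")    -- absolute ack number

-- Calling an extractor returns a FieldInfo for the current packet, or nil
-- when the field is not present; FieldInfo.value gives the Lua value.
local function field_value(extractor)
    local finfo = extractor()
    if finfo == nil then
        return nil
    end
    return finfo.value
end

function example_proto.dissector(tvbuf, pinfo, tree)
    pinfo.cols.protocol = example_proto.name
    local subtree = tree:add(example_proto, tvbuf(), "Example App data")
    subtree:add(pf_payload_len, tvbuf:len())

    local seq_raw = field_value(f_tcp_seq_raw)
    local ack_raw = field_value(f_tcp_ack_raw)
    if seq_raw ~= nil then
        subtree:add(pf_tcp_seq_raw, seq_raw)
    end

    -- Flag fields come back as Lua booleans; guard against nil as well.
    local syn = field_value(f_tcp_syn)
    local ack = field_value(f_tcp_ackflag)
    if syn and not ack then
        pinfo.cols.info:set("SYN, raw seq " .. tostring(seq_raw))
    elseif seq_raw ~= nil and ack_raw ~= nil then
        pinfo.cols.info:set(string.format("seq=%d ack=%d len=%d",
                                          seq_raw, ack_raw, tvbuf:len()))
    end
    return tvbuf:len()
end

DissectorTable.get("tcp.port"):add(12345, example_proto)
```

Drop the file into the Wireshark plugins directory (or load it with -X lua_script:) and open a capture containing traffic on the chosen port to see the extracted TCP values alongside the payload.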