Wireshark 4.4.0rc1's Custom Columns

Published: 2024-08-15. Last Updated: 2024-08-15 08:27:12 UTC
by Didier Stevens (Version: 1)

In diary entry "A Wireshark Lua Dissector for Fixed Field Length Protocols", I show how to use a protocol dissector I wrote in Lua to parse TCP data.

Wireshark 4.4.0 Release Candidate 1 was released, and it allows us to use field expressions as custom columns.

This means that some of the functionality that had to be implemented with a dissector can now simply be configured.

Take this example of fields Function, Direction, Counter, DataLength and Data, as defined with my custom Lua dissector:

Similar fields can now be configured by adding custom columns that use field expressions.

For example, the field Function is the first byte of the TCP payload: tcp.payload[0]

Another example: the field Counter is the third and fourth bytes of the TCP payload (offset 2, length 2): tcp.payload[2:2]

As you can see, the column values are displayed as bytes (hexadecimal).

I have not found a way to convert this to decimal integers.

If you have a solution, please post a comment.
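The following is an added example, not part of the original diary and not code from Wireshark: a Python sketch that evaluates the same slice expressions outside Wireshark, on payload hex text such as `tshark -T fields -e tcp.payload` prints, and returns both the hex bytes and a decimal value. It goes beyond the two expressions above by handling the other slice forms as well. The function names, the sample payload and the big-endian default for multi-byte fields are assumptions.

```python
import re

# Slice forms used in Wireshark field expressions:
#   [i] one byte, [i:j] offset i length j, [i-j] offsets i..j inclusive,
#   [:j] first j bytes, [i:] offset i to the end.
_SLICE = re.compile(r"^(?P<field>[\w.]+)\[(?P<spec>[^\]]+)\]$")

def apply_slice(data: bytes, spec: str) -> bytes:
    """Return the bytes that a slice spec such as '0' or '2:2' selects."""
    def offset(text):
        n = int(text)
        return n + len(data) if n < 0 else n   # negative counts from the end
    if ":" in spec:
        start_s, length_s = spec.split(":", 1)
        start = offset(start_s) if start_s else 0
        end = start + int(length_s) if length_s else len(data)
    elif re.fullmatch(r"-?\d+-\d+", spec):
        start_s, end_s = spec.rsplit("-", 1)
        start, end = offset(start_s), int(end_s) + 1
    else:
        start = offset(spec)
        end = start + 1
    if not (0 <= start < end <= len(data)):
        raise ValueError(f"slice [{spec}] is outside a {len(data)}-byte payload")
    return data[start:end]

def column_value(expression: str, payload_hex: str, byteorder: str = "big"):
    """Evaluate e.g. 'tcp.payload[2:2]' against one hex payload.

    Returns (hex text of the selected bytes, decimal value).
    byteorder is an assumption: the diary does not state the field's byte order.
    """
    m = _SLICE.match(expression)
    if not m:
        raise ValueError(f"not a slice expression: {expression}")
    data = bytes.fromhex(payload_hex.replace(":", ""))  # accept aa:bb or aabb
    raw = apply_slice(data, m.group("spec"))
    return raw.hex(), int.from_bytes(raw, byteorder)

# Constructed sample payload (not taken from the diary's capture).
SAMPLE = "0100012c000548656c6c6f"

if __name__ == "__main__":
    for expr in ("tcp.payload[0]", "tcp.payload[2:2]"):
        print(expr, *column_value(expr, SAMPLE))
```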

 

Didier Stevens
Senior handler
blog.DidierStevens.com
