In this code with pyshark import pyshark cap = pyshark.FileCapture(filename) i = 0 for idx, packet in enumerate(cap): i += 1 print i print len(cap._packets) i and len(cap._packets) give two dif...

When you write a dissector for Wireshark, how do you test it? Looking for the visual output in the UI is not sufficient for a none-trivial protocol. Is there a good way for unit testing of the dis...

I am following the foo example given in the wireshark documentation. I am able to build the foo code plugin. I am using wireshark 3.0.1 version. In the workroot folder, I have updated the target - ...

I'm looking for a long time to a way to compile and run a custom Wireshark dissector, without needing to recompile the entire wireshark project. Many places on the Web, require developers to write ...

I am working with Message Manufacturing Specification (MMS) in wireshark. The tool is unable to dissect the ACSE layer. It doesn't show any error but it shows the ACSE data as a part of MMS i.e., a...

I'm trying to write a dissector for the Safari Remote Debug protocol which is based on bplists and have been reasonably successful (current code is here: https://github.com/andydavies/bplist-dissec...

I opened a pcap in wireshark and it displays a lot of packets as "tcp segment of a reassembled pdu". How wireshark is able to determine which tcp packets are segments of a reassembled pdu ? I...

i have a pcap file captured using wireshark. suppose the pcap has 6 packets numbered from 1 to 6 as shown below. now i want to edit this pcap file so that i get the packets in some different ...

I have a custom protocol that I'm looking at in wireshark. I thought it'd be useful if wireshark could disect it for me so that I don't have to decode the hex. Although I'm doing this in my program...

i used the following filter in wireshark to find the packets containing these bytes : frame contains "\x03\x00\x0e\xa8" but when i see the result of this filter, it displays more than 1k packets...

First of all, I'm new to Lua altogether, and this is my first attempt at writing a wireshark dissector. My protocol is straightforward - a 2 byte length field, followed by a string of that length....

i have a large pcap with more than 1000 tcp flows. i want to filter major flows say with packets greater than 100. if i go to conversations and right click on those flows, i can filter those flows,...