Advanced Wireshark Scripting

Wireshark is one of the most well-known applications for network analysis and often referred to as the de-facto standard for packet analysis. While often used out of the box, Wireshark allows for powerful customization capabilities via scripting, ranging from writing definitions to parse new protocols (protocol dissectors) over post-processing to the triggering of events to GUI-support. The Lua scripting language offers simple, flexible and reliable scripting capabilities that are well integrated into the Wireshark environment and can be used to extend nearly all aspects of Wireshark, while remaining easy to learn and not requiring the user to dig deep into Wireshark’s internal workings. This training features an introduction to Lua and the internals of Wireshark scripting, thus no previous knowledge on either of the two are required. In an intensive hands-on training, attendants will learn how to customize Wireshark with writing dissectors, listeners and post-dissectors, as well as handling meta-information and introducing GUI elements in order to enable them to fully configure Wireshark to their respective needs.

Topics

  • Introduction to the Lua scripting language and the Lua-API in Wireshark
  • Write your own protocol dissectors for protocol reverse engineering, support of uncommon protocols, etc.
  • Extend existing protocol dissectors for a more detailed view on a network protocol
  • Create listeners to trigger events based on traffic patterns
  • Create your own UI elements (menu, windows, preferences) within Wireshark, File IO

Requirements

  • Basic understanding for common network protocol
  • Laptop (we provide the training environment on a bootable USB thumb drive)

Interested?