
mdavidsaver / cashark

Licence: other
Wireshark dissector plugin for EPICS protocols

Programming Languages

lua
shell

Projects that are alternatives of or similar to cashark

Reverse Engineering Bluetooth Protocols
Intercepting Bluetooth device communication and simulating packet responses of an iPhone from a Raspberry Pi 3
Stars: ✭ 105 (+425%)
Mutual labels:  wireshark
caproto
a bring-your-own-IO implementation of the EPICS Channel Access protocol
Stars: ✭ 22 (+10%)
Mutual labels:  epics
tshark.dev
Repo to manage tshark.dev, deployed to netlify
Stars: ✭ 39 (+95%)
Mutual labels:  wireshark
Sec Tools
Docker images for infosec tools
Stars: ✭ 135 (+575%)
Mutual labels:  wireshark
Windowsspyblocker
WindowsSpyBlocker 🛡️ is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems.
Stars: ✭ 2,913 (+14465%)
Mutual labels:  wireshark
asyn
EPICS module for driver and device support
Stars: ✭ 19 (-5%)
Mutual labels:  epics
Ksniff
Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark
Stars: ✭ 1,339 (+6595%)
Mutual labels:  wireshark
rvi capture
rvictl for Linux and Windows: capture packets sent/received by iOS devices
Stars: ✭ 124 (+520%)
Mutual labels:  wireshark
Etl2pcapng
Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.
Stars: ✭ 228 (+1040%)
Mutual labels:  wireshark
wlan-extcap
Wireshark extcap interface for remote wireless captures.
Stars: ✭ 31 (+55%)
Mutual labels:  wireshark
Simpleai
SimpleAI is a small C++ AI behaviour tree based library with a QT5 based remote debugger (and with optional LUA bindings) released under MIT.
Stars: ✭ 153 (+665%)
Mutual labels:  wireshark
Cuishark
A protocol analyzer like a wireshark on CUI. cuishark is using libwireshark to analyze packets. https://cuishark.slankdev.net
Stars: ✭ 208 (+940%)
Mutual labels:  wireshark
lewis
Let's write intricate simulators!
Stars: ✭ 17 (-15%)
Mutual labels:  epics
Wireshark Cheatsheet
Wireshark Cheat Sheet
Stars: ✭ 131 (+555%)
Mutual labels:  wireshark
p4-traffictool
p4-traffictool helps in packet generation, parsing and dissection for popular backends
Stars: ✭ 31 (+55%)
Mutual labels:  wireshark-dissector
Qqwry2mmdb
A format conversion tool that lets Wireshark use the Chunzhen network IP database (QQwry)
Stars: ✭ 105 (+425%)
Mutual labels:  wireshark
jiractl
A command-line tool for managing Jira
Stars: ✭ 52 (+160%)
Mutual labels:  epics
ChromeBluetooth
Demo of a "Stress Display" using Chrome Bluetooth. Reads Heart-rate data, and displays "stress" colors to a smart bulb. (Uses a SBT5007 smart bulb)
Stars: ✭ 14 (-30%)
Mutual labels:  wireshark
linux-802.15.4-sniffer
Linux Based 802.15.4/Zigbee Sniffer
Stars: ✭ 17 (-15%)
Mutual labels:  wireshark
myown
Blog sharing front-end knowledge, source-code readings of popular libraries, front-end performance optimizations, and SVG animation tips.
Stars: ✭ 64 (+220%)
Mutual labels:  wireshark

Wireshark dissector plugin for EPICS protocols

Tested with wireshark 1.2.11, 1.8.2, 1.10.8, 2.2.6, 2.6.0, and 3.4.10. Works on RHEL 7.4 (wireshark 1.10.14).

Using

Only the file ca.lua is needed. Then start wireshark with:

wireshark -X lua_script:/path/to/ca.lua

Status

This plugin does general decoding of CA UDP and TCP traffic on the standard ports (5064 and 5065). It does TCP segment reassembly for large messages.

The CA protocol provides no easy way to distinguish client and server messages without observing the start of the connection. Thus this plugin cannot fully decode all messages. Currently only some messages are fully decoded. Others decode with only generic field names.

Reporting bugs

Bug reports are welcome (and patches more so).

Send to "Michael Davidsaver" [email protected] or open a GitHub issue. Please mention both the wireshark and Lua versions.

If possible, please include a packet capture file which will trigger the error.

Note that the PVA dissector triggers bug 10233 with wireshark 1.12.1, which is known to be fixed with 2.0.

Setup

To load the CA dissector automatically instead of using the -X argument, do the following.

On RHEL systems, the wireshark config directory is at /usr/share/wireshark/. If the file /usr/share/wireshark/init.lua doesn't exist, install the package wireshark-devel.

Edit /etc/wireshark/init.lua and remove or comment out the line about disabling Lua support ("disable_lua = true"). You may also need to change the line "run_user_scripts_when_superuser = false", which controls whether scripts other than init.lua are run when wireshark is started with superuser privileges, depending on how you run wireshark.

Next copy the file ca.lua from this repository to /etc/wireshark/.

Then add a line to the end of init.lua.

dofile("ca.lua")

If all goes well the string "Loaded CA" will be printed to the console when wireshark starts.

To install this for a single user, create $HOME/.wireshark/init.lua containing the single line dofile("ca.lua") and place ca.lua in this directory.
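The per-user setup above as a script, added here as an example and not part of the cashark repository; the function names install_ca_dissector and lua_perms_ok are hypothetical. Because wireshark executes whatever init.lua and ca.lua contain, the script also fails if the directory or either file is writable by group or others.

```shell
#!/bin/sh
# Added example (not from the cashark repository). Function names are hypothetical.

# Succeeds only if DIR, DIR/init.lua and DIR/ca.lua are not writable by
# group or others; wireshark executes these files as Lua at startup.
lua_perms_ok() {
    dir=$1
    # -prune stops find from descending into DIR; only the three paths are tested.
    loose=$(find "$dir" "$dir/init.lua" "$dir/ca.lua" -prune \
                 \( -perm -020 -o -perm -002 \) -print 2>/dev/null) || true
    if [ -n "$loose" ]; then
        echo "writable by group/others:" >&2
        echo "$loose" >&2
        return 1
    fi
    return 0
}

# install_ca_dissector SRC [HOME_DIR]: per-user install as in the README text.
install_ca_dissector() {
    src=$1
    cfg=${2:-$HOME}/.wireshark
    line='dofile("ca.lua")'      # the loader line given in the README

    # Require a regular, non-symlink source file.
    if [ ! -f "$src" ] || [ -L "$src" ]; then
        echo "error: $src is not a regular file" >&2
        return 1
    fi

    # Create the directory privately if missing; leave an existing one alone.
    [ -d "$cfg" ] || mkdir -p -m 700 "$cfg" || return 1

    cp "$src" "$cfg/ca.lua" || return 1
    touch "$cfg/init.lua" || return 1
    chmod go-w "$cfg/ca.lua" "$cfg/init.lua" || return 1

    # Append the loader line only once, so re-running is harmless.
    grep -qxF "$line" "$cfg/init.lua" || printf '%s\n' "$line" >> "$cfg/init.lua"

    # An existing, loosely permissioned directory is reported, not changed.
    lua_perms_ok "$cfg"
}
```

Call it as install_ca_dissector /path/to/ca.lua; the optional second argument overrides the home directory, which is useful for trying it against a scratch directory first.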

tshark

Dissectors may also be used with the CLI interface tshark. For example, the following prints all CA decode information in test/cabeacon.cap.

tshark -r test/cabeacon.cap \
 -X lua_script:ca.lua \
 -PO ca \
 'ca'

And with PVA:

tshark -r test/pva-beacon.pcapng.gz \
 -X lua_script:ca.lua \
 -PO pva \
 'pva'

Note that both decoders can be loaded simultaneously:

tshark \
 ...
 -X lua_script:ca.lua \
 -X lua_script:pva.lua \
 -PO ca,pva \
 'ca || pva'