In December 2020 I provided online Wireshark training to one of our NVISO clients. During the second day, when we cover the development of custom dissectors written in Lua, a question about CSV data came up. When the data exchanged over TCP, for example, has the CSV format (fields separated by a separator), how can I write a dissector for that?
While answering the question, I realized that this is a case that could be solved with a generic dissector. And the same night, I developed the first version.
Say you have a packet capture with a TCP connection. And the data exchanged over TCP consists of different fields, separated by a separator character.
Like this example:
Because Wireshark does not recognize the protocol used in this TCP connection, the content is just displayed as data.
With Lua dissector csv-dissector.lua, the data is dissected into different fields:
The separator character (pipe character | in this example) is something that can be configured:
Other changes can be made, but these have to be made in the code of the dissector itself:
Changing the port Changing the number of fields Change the name of the fields
Download:
csv_dissector_V0_0_2.zip (https)
MD5: E8CCE089FB0574775AB39DADED3B7AA2
SHA256: 5C8DC0F2BB97AA660E2576B23379B6F12FB88126F0EFC7A2F69E76EBA8E782BD