I’ve had some experience recently writing a protocol dissector for Wireshark. The easy and faster way is to write in Lua, whereas for faster dissection you need to write in C. There are bits and pieces of information of how to write a dissector in Lua on the internet. However, there is much less information regarding USB support.
Most examples show how to install a protocol dissector on a certain TCP port:
1 2 3 4
With USB it’s not that obvious. Wireshark before version 1.10 (e.g., in Ubuntu 12.04 LTS) didn’t allow to install a dissector on USB device with specific Vendor ID and Product ID, so the only way was to install on USB device class, and filter somehow afterwards. Luckily, now you can attach a dissector on specific USB device. Here’s the code I come up with to support both the older and newer versions of wireshark:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
Note that the product ID approach may fail if Wireshark doesn’t get the device descriptors. However, it never happened in my several tests. The
0x18d12d01 value is the Vendor and Product ID for USB Android Open Accessory devices.
FYI: The method call with
pcall() is how you can catch exceptions from functions in Lua.