Unfortunately, although you can create custom columns, the data you want in that column is not currently generated by the HTTP protocol decoder. Tcp_dissector_table:add(80, http_wrapper_proto) - and take its place in the dissector table Original_http_dissector = tcp_dissector_table:get_dissector(80) - save the original dissector so we can still get to it Local tcp_dissector_table = DissectorTable.get("tcp.port") Treeitem:add(http_wrapper_len, hdr_len):set_generated() Local hdr_len = string.find(hdr_str, "\r\n\r\n") or string.find(hdr_str, "\n\n\n\n") the field to the tree (allowing us to filter for it) which indicates the length of the HTTP header, and then add find the position of the header terminator (two new lines), if the request method or response code is present, Original_http_dissector:call(tvbuffer, pinfo, treeitem)
Let's wrap the call in a pcall in order to catch but we still want the original to run, especially because we need We've replaced the original http dissector in the dissector table,
Local f_resp_code = Field.new("")įunction http_wrapper_proto.dissector(tvbuffer, pinfo, treeitem) so we can check for them later in the dissector. request method or HTTP response code, so declare those here HTTP frames that contain a header usually include the HTTP
Http_wrapper_len = ProtoField.uint32("http.hdr_len", "Header length (bytes)") Local http_wrapper_proto = Proto("http_extra", "Extra analysis of the HTTP protocol") This can be achieved simply with a Lua dissector that adds an HTTP header field to the packet tree, allowing you to filter for it, as shown in this screenshot:Ĭopy this Lua script into your plugins directory (e.g., $/plugins/1.4.6/http_a), and restart Wireshark (if already running).
0 kommentar(er)
