It is fairly easy to write a Wireshark dissector in Lua for your custom protocol over WebSockets. To understand the basics of writing, and using, dissectors for Wireshark in Lua, see Create a Wireshark dissector in Lua.
Here’s a template to get you started with writing your custom dissector. Replace port number 8002 with the port number where your WebSocket server listens for incoming connections, and the dissector should be called.
You can also register the dissector using the declared WebSocket protocol name. Retrieve the ws.protocol dissector table instead of ws.port, and add your dissector to the dissector table using the protocol name (a string) instead of the port number.
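A minimal dissector showing both registration paths described above (by port and by protocol name), as an added example and not the template from the original post. The name myproto and the message layout (1-byte type, 2-byte big-endian length, then payload) are assumptions made for illustration; the length check keeps the dissector from reading past the end of a truncated or malformed message.

```lua
-- Added example. "myproto" and the message layout (1-byte type, 2-byte
-- big-endian payload length, payload) are assumptions, not a real protocol.
local myproto = Proto("myproto", "My Custom Protocol over WebSocket")

local f_type    = ProtoField.uint8("myproto.type", "Message type", base.HEX)
local f_length  = ProtoField.uint16("myproto.length", "Payload length", base.DEC)
local f_payload = ProtoField.bytes("myproto.payload", "Payload")
myproto.fields = { f_type, f_length, f_payload }

-- Expert info raised when the declared length does not fit the captured data.
local e_badlen = ProtoExpert.new("myproto.badlen", "Declared length exceeds available data",
                                 expert.group.MALFORMED, expert.severity.ERROR)
myproto.experts = { e_badlen }

local HEADER_LEN = 3

function myproto.dissector(buffer, pinfo, tree)
    local available = buffer:len()
    if available < HEADER_LEN then return 0 end  -- too short to hold a header

    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(myproto, buffer(), "My Custom Protocol")
    subtree:add(f_type, buffer(0, 1))
    local len_item = subtree:add(f_length, buffer(1, 2))

    -- Never trust the on-the-wire length: clamp it to what is actually present.
    local declared  = buffer(1, 2):uint()
    local remaining = available - HEADER_LEN
    if declared > remaining then
        len_item:add_proto_expert_info(e_badlen)
        declared = remaining
    end
    if declared > 0 then
        subtree:add(f_payload, buffer(HEADER_LEN, declared))
    end
    return HEADER_LEN + declared  -- number of bytes consumed
end

-- Register by server port (replace 8002 with your WebSocket server's port).
DissectorTable.get("ws.port"):add(8002, myproto)

-- Or register by the declared WebSocket subprotocol name instead:
-- DissectorTable.get("ws.protocol"):add("myproto", myproto)
```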
If using WebSockets over SSL/TLS, you need to specify the server’s private key file in the SSL protocol dissector’s configuration, so that Wireshark can decrypt the traffic. The protocol field in the configuration should be set to http.