参考 http://mobile.51cto.com/iphone-285912.htm
一个例子：对 TCP 端口 14567 的流量进行分析。目前只做一项检查：在第 24 个字节处（偏移 23）取出 1 个字节，判断其编号是否为 7。
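-- Minimal Wireshark Lua dissector for the "sdga" example protocol.
-- It labels traffic on TCP port 14567 and decodes one field: the byte at
-- offset 23 (the 24th byte of the payload), reporting whether it equals 7.
--
-- NOTE(review): the offset is applied to whatever buffer the TCP dissector
-- table hands over; no reassembly is requested here, so this presumably
-- assumes every segment starts on a message boundary -- confirm against the
-- real protocol before relying on the decoded value.

-- Proto is called with the same three arguments as the original script.
-- NOTE(review): only the first two (name, description) appear to be used -- confirm.
sdga_proto = Proto("sdga","SDGA","sdga protocol")

-- Dissector callback.
--   buffer: packet payload to decode
--   pinfo:  packet info; only the Protocol and Info columns are written
--   tree:   protocol tree the "sdga" subtree is attached to
function sdga_proto.dissector(buffer,pinfo,tree)
    -- Position and expected value of the only field decoded so far.
    local FIELD_OFFSET = 23
    local FIELD_LENGTH = 1
    local EXPECTED_ID = 7

    pinfo.cols.protocol = "sdga"
    pinfo.cols.info = "sdga data"

    local subtree = tree:add(sdga_proto,buffer(),"sdga prototal")

    --[[
    Disabled header decoding, kept for reference. If it is re-enabled,
    declare type, type_str and size as locals: as written they are globals,
    and assigning to `type` would replace Lua's built-in type() function.

    subtree:add(buffer(0,0),"Message Header: ")
    subtree:add(buffer(0,1),"Version: " .. buffer(0,1):uint())
    type = buffer(1,1):uint()
    type_str = "Unknown"
    if type == 1 then
        type_str = "REQUEST"
    elseif type == 2 then
        type_str = "RESPONSE"
    end
    subtree:add(buffer(1,1), "Type: " .. type_str)
    size = buffer:len()
    subtree:add(buffer(2,size-2), "Data: ")
    --]]

    -- The payload comes off the network and may be shorter than 24 bytes.
    -- Requesting buffer(23,1) on such a payload raises a Lua error for that
    -- packet, so check the length first and report the short payload instead.
    if buffer:len() < FIELD_OFFSET + FIELD_LENGTH then
        subtree:add(buffer(), "DATA07: <payload shorter than 24 bytes>")
        return
    end

    -- Check for 07.
    -- Disabled: subtree:add(buffer(23,1), "myData: ")
    -- These were globals in the original and leaked into the shared Lua
    -- environment; they are locals here.
    local field = buffer(FIELD_OFFSET, FIELD_LENGTH)
    local data07 = field:uint()
    local data07_string
    if data07 == EXPECTED_ID then
        -- Runtime label kept as in the original; it reads "number 07".
        data07_string = "编号07"
    else
        data07_string = tostring(data07)
    end
    subtree:add(field, "DATA07: " .. data07_string)
end

-- Register the dissector for TCP port 14567.
tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(14567,sdga_proto)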