This is a dissector for Wireshark written in Lua that decodes Handshake packets.

Although all packet types have been added, a few haven't been tested yet. Please send a pcap if you are able to capture them (or confirm it works and PR a check mark :D).

Simply clone this repository into Wireshark's plugin directory. Make sure the directory is called handshake and not anything else.

To find the location of Wireshark's (personal) plugin directory, Open Wireshark -> Help -> About Wireshark -> Folder tab -> Personal Lua Plugins (not Personal Plugins) Once cloned, {PersonalLuaPlugins}/handshake/handshake.lua must exist.

cd ~/.local/lib/wireshark/plugins/
git clone https://github.com/htools-org/wireshark-handshake-protocol handshake

Then, restart Wireshark or reload plugins (Ctrl + Shift + L).

That's it!

Once installed, Handshake packets will automatically be decoded.

The Packet Details pane will have a new tree called Handshake Protocol Data. Expand it to explore the packet.

Some handy display filters:

// Filter by a specific packet type
handshake && handshake.type == 0;

// [add more]

Contributions are always welcome!

Each packet type has its own file to keep the code clean and is mostly commented.

If you plan to add a new type, a good place to start is by cloning packet_version.lua and replacing the name, type, fields, and parse. Remember to add the new type in handshake.lua!

Feel free to create a new issue if there's anything missing or could use more info.

MIT

• Bitcoin Protocol Documentation
• hsd codebase
• Creating a Wireshark dissector in Lua