The previous article, “Wireshark Analysis of Custom Protobuf Protocol,” only monitored a single port. If a game has two socket connections at the same time, such as one for the gateway and another for something else, what should be done?
for i,port in ipairs(tcp_port) do tcp_port_table:add(port, m_MeteoricProto) endReference link: https://wiki.wireshark.org/Lua/Examples#Using_Lua_to_register_protocols_to_more_ports
The Wireshark filter condition can be written like this:
(ip.dst == 192.168.xx.xx or ip.src == 192.168.xx.xx) && tcp.len > 0
This basically displays the custom parsed socket messages. For more details on filter conditions, you can refer to the official website:
https://wiki.wireshark.org/DisplayFilters
The first question is monitoring multiple ports. There was no answer found in the official documentation.
https://wiki.wireshark.org/LuaAPI/Dissector#dissectortable:add.28pattern.2C_dissector.29
Tracking down to the source code did not provide much clarity either
https://github.com/wireshark/wireshark/blob/master/epan/wslua/wslua_dissector.c
Later tests revealed that the following two methods work as well, one indicates a range, the other lists multiple ports, both having the same effect as using a for loop.
tcp_port_table:add(“8002-8004”, m_MeteoricProto) tcp_port_table:add(“8002,8003,8004”, m_MeteoricProto)