search

KimiNewt / pyshark

Python wrapper for tshark, allowing python packet parsing using wireshark dissectors
MIT License
2.21k stars 421 forks source link

Pyshark not recognizing lua plugin layer #461

Open moodster321 opened 3 years ago

moodster321 commented 3 years ago

I recently updated from wireshark 3.0.0 to 3.4.0, and I found that when dissecting packets as with my custom lua dissector, pyshark would no longer recognize the new layer in the packet as it did previously, but this only happens for some of the packets dissected. I have narrowed down the changes to something that happened between Wireshark 3.1.0 to 3.2.0 by testing different versions but haven't been able to find what the cause is. The dissector works fine when viewing in Wireshark.

Python 3.7.8 Pyshark 0.4.3

\AppData\Roaming\Python\Python37\site-packages\pyshark\packet\packet.py", line 50, in __getitem__
    raise KeyError('Layer does not exist in packet')
KeyError: 'Layer does not exist in packet'

If anyone has some ideas on what is happening that would be great, thanks!

primal100 commented 3 years ago

It's probably a change in the pdml format in tshark. Run the pcap with dissector through tshark 3.0 and 3.4 with output format pdml and see if there is any difference.