Create a Wireshark dissector in Lua

You have a custom protocol and would like to give your users the ability to visualize it in Wireshark? If your answer is yes, this post is for you.

I recommend using Wireshark’s embedded Lua interpreter, and its API for Lua. It is the easiest way to prototype dissectors which, for performance reasons, may later be rewritten in C. At the time of writing, I am still using Wireshark 1.2.1, but you might consider using the latest version.

Let us begin with some sample code.

Protocol dissector script in Lua

We use a chained dissector, which adds functionality to dissect packets of an existing protocol, such as packets destined to a particular TCP port. It receives only the payload part of the original protocol packet as the input buffer in the dissector function.
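A chained dissector of the kind described above, as an added example rather than the post's own script. The protocol name, the field layout (1-byte type, 2-byte big-endian length, then payload) and TCP port 7777 are assumptions made for illustration. Because the length field comes from the wire, it is clamped to the bytes actually captured before any range is read.

```lua
-- Added example: chained dissector for a hypothetical "myproto" carried over TCP.
-- Assumed layout (not from the original post): type (1 byte), length (2 bytes,
-- big-endian), then `length` bytes of payload. Port 7777 is also an assumption.
local myproto = Proto("myproto", "My Custom Protocol")

local f_type    = ProtoField.uint8("myproto.type", "Type", base.HEX)
local f_length  = ProtoField.uint16("myproto.length", "Payload length", base.DEC)
local f_payload = ProtoField.bytes("myproto.payload", "Payload")
myproto.fields = { f_type, f_length, f_payload }

local HEADER_LEN = 3

function myproto.dissector(buffer, pinfo, tree)
    -- `buffer` holds only the TCP payload; the TCP dissector consumed the headers.
    local available = buffer:len()
    if available < HEADER_LEN then
        return 0   -- too short to carry our header; nothing to dissect
    end

    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(myproto, buffer(), "My Custom Protocol")
    subtree:add(f_type, buffer(0, 1))
    subtree:add(f_length, buffer(1, 2))

    -- The declared length is untrusted input: never read past the captured bytes.
    local declared = buffer(1, 2):uint()
    local present  = math.min(declared, available - HEADER_LEN)
    if present > 0 then
        subtree:add(f_payload, buffer(HEADER_LEN, present))
    end
    if declared > present then
        -- Flag the mismatch in the tree instead of raising a Lua error.
        subtree:add(buffer(), string.format(
            "Truncated: %d of %d declared payload bytes present", present, declared))
    end

    pinfo.cols.info = string.format("type=0x%02x len=%d", buffer(0, 1):uint(), declared)
    return HEADER_LEN + present
end

-- Chain onto TCP: packets to or from the assumed port are handed to myproto.
DissectorTable.get("tcp.port"):add(7777, myproto)
```

This sketch treats each TCP segment as one message; a protocol whose messages span segments would also need reassembly.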

Running the Lua script in Wireshark

Here are the steps required to get the above code running. If your Wireshark version is 1.4 or better, skip step 3.

  1. Edit and save the Lua script above to any folder (e.g. c:\myproto) and call the file myproto.lua
  2. Open init.lua in the Wireshark installation directory for editing. You will need Admin privileges on Windows Vista and 7.
  3. Comment out the following line in init.lua (single line comments begin with --):
    disable_lua = true; do return end;
  4. Add the following lines to init.lua (at the very end):
  5. Change MYPROTO_SCRIPT_PATH to point to the folder where you saved the script in step 1
  6. Run Wireshark
  7. Load a capture file that has the packets of your custom protocol or start a live capture

Here’s a figure that shows the protocol dissector in action.

A new car experience – costs in Brazil

I am not much of a connoisseur of cars. I like any car, as long as it has a good fuel economy and is reliable. The first time I bought a new car, not a used car, was two years back, a beautiful black Siena Fire model 2008 from Fiat.

There was much to like about that car, at least as far as the criteria I suggested earlier are concerned. The fuel economy with Ethanol was almost always around seven kilometres per litre or about sixteen miles per gallon. With Gasoline it achieved about ten kilometres per litre, or about twenty three miles per gallon, under typical city driving conditions, the average speed well within twenty kilometres per hour, and with the air conditioner used often.

I almost always used Ethanol, which cost about one Brazilian Real and seventy five cents circa 2008. Flex cars, as cars that use Ethanol, Gasoline, or their mixture are called in Brazil, go about seventy percent of the distance with Ethanol. So long as its per-litre price is below seventy percent of that of Gasoline, it makes economic sense to use Ethanol.

Cars, like most other consumer goods, are pretty expensive in Brazil. The Siena model 2008 made me poorer by about forty thousand Brazilian Reals, over a period of two years. That is about twenty thousand US dollars or eight hundred thousand (8 lac) Indian Rupees. Similar cars cost about half as much in the United States or India.

Of the total cost of the car about nineteen thousand Brazilian Reals was paid over two years, and of that total, fourteen thousand was the principal and five thousand was the interest. That translates to about nineteen percent interest per annum; at that rate you would pay for another car in four years. Car loans need to be avoided like the plague.

Then suddenly, about three days before my thirty-fifth birthday, we suffered a pretty bad traffic accident. Luckily none in the car suffered serious injuries, but the car itself was damaged beyond repair. The only setback was financial; as mentioned before, cars are expensive in Brazil. I have since purchased a beige Fiat Siena model 2010. That car will set my wallet lighter by another forty thousand Brazilian Reals. A similar but better car in India would cost me about twenty five thousand Brazilian Reals.

So why are cars in Brazil so expensive? It is hard to pinpoint that, but here are some facts:

  • The federal government taxes the manufacturer at about ten percent for a 1000 cc car; it can be as much as twenty five percent for higher-end cars
  • Most Brazilian states tax consumer goods at twenty percent or higher
  • Almost all transportation happens by trucks over roads that are poorly maintained
  • The total amount of taxes and other costs for hiring an employee can be equivalent to the salary paid

In spite of it all, the manufacturers themselves earn hefty profits. In these days when manufacturers around the world are either in the red or just surviving, most manufacturers in Brazil are earning hefty profits.

The Brazilian consumer, obviously, pays for it all.

Written on March 6th 2010

Poor quality starts at the base

A high-definition TV, or HDTV for short, is now compelling enough to buy in Brazil. At least two Brazilian TV companies, SBT and Globo, broadcast free over-the-air HDTV content. I decided to get myself a 32 inch 720p HDTV set with an LCD screen.

The 720 in 720p means that it has a vertical resolution exceeding 720 pixels, and the p means that it supports progressive scan. Progressive scan or non-interlaced scanning happens when the screen is refreshed all at once, unlike interlaced screens, which are refreshed twice to get a full picture. Progressive scan gives pictures that are flicker-free.

The HDTV I bought is capable of down-scaling 1080i and 1080p transmissions, which leads to some stupendous pictures from the 1366×768 pixel screen. The only other reason to buy this particular HDTV, besides the ten percent discount at Walmart Brazil because my wife works for them, was the Energy Star rating. This usually only means that it has a low power consumption at standby, but this HDTV also has energy-efficient modes where the brightness is adjusted to lower levels, saving me some electricity.

It has a good design, the pictures are sharp, and I have found the picture quality of HDTV content from over-the-air broadcasts really nice. If you have seen the Brazilian Novela of Eight, so called because it transmits between eight and nine in the evenings, you’ll know what I mean. I am not a big fan of Novelas, maybe good picture quality could be incentive enough to become one.

So far so good. Then in the first week of March I got home to find a really frightful scene. The TV was bent forward, almost falling off its base. If it were not for a 2 inch plastic ring attached to the base, it would have fallen and caused a major accident. Upon investigation, I found a cylindrical plastic component, which attaches the base to the HDTV, to be the cause of the problem. It is made of bad quality plastic; it cracked and the screws that drive into it came off. See the picture and you’ll see what I mean. The plastic ring I mentioned appears right below the broken cylindrical component.

An LCD HDTV is a pretty hefty investment. For something like this to happen just two months into your first HDTV experience is a bit of a let down. Life goes on, so I invested in a wall fixture to hang the HDTV. The HDTV weighs about fifteen kilograms, so it shakes quite a bit upon touching, but at least it is secure.

Test robustness of your networked applications using netem

Networked applications need to handle a bad network. Bad networking conditions such as high latency, dropped packets, packet corruption, delayed packets, out-of-order packets, etc. can play havoc with your networking code. Luckily, Linux provides a kernel-level tool that you can use to simulate such conditions, called netem.

You can create two networks and use a Linux box to bridge these two networks. Then just configure netem appropriately to simulate bad networking conditions between these two networks.

You can enable the netem module under Networking support, Networking options, QoS and/or fair queueing.


You’ll need the tc utility from the iproute2 package to configure netem. If you’re building an embedded Linux system with Buildroot, you can enable that package under Target packages, Networking applications.


MeeGo – an alternative to Android?

MeeGo is an initiative by Nokia and Intel to create what looks like an alternative to Android. Both Nokia and Intel have been dabbling with Linux: Nokia with its Maemo initiative and Intel with its Moblin initiative. Maemo is present in Nokia tablet devices that pre-date the iPad; why they have not been as successful is a debate for another post.

With MeeGo, both partners expect to unite forces and create an alternative operating system stack that can be used in smartphones, tablets, and netbooks. Nokia and Intel have very little incentive to succeed with MeeGo. Let me explain why.

Nokia already has another smartphone OS, called Symbian. Symbian is one of the most popular smartphone operating systems, with tons of applications. So what incentive does Nokia have in pushing MeeGo? I just don’t know; it looks like a fragmented focus is not helping them much right now.

Let us look at what Intel has to gain from MeeGo. Netbooks are not exactly what earn Intel significant margins; it is there because it does not want ARM-based microprocessors to be there. MeeGo supports ARM, mainly because of Nokia and Maemo. So will they push MeeGo when it can help ARM as much as its own breed of Atom processors?

For now, I think that MeeGo is mostly for Intel, Nokia and other strategic partners to try and compete against Android and ARM. Let us watch and see how far they can take MeeGo.

The holy trinity of sustainability or the CMD cycle

The holy trinity exists in several religions. In the Hindu religion, in particular, it is represented by Brahma-Vishnu-Shiva. Brahma is known as the creator, Vishnu the preserver, and Shiva the destroyer. That is the only reference to religion I’ll make in this post.

Creation is the means to infuse innovation, preservation sustains that innovation, and destruction ensures that new creation can happen again using the resources that are thus liberated.

The creation, preservation or maintenance, and destruction (CMD) functions are easily perceptible in a market economy, where opportunities and threats morph a product or company. A product or company can only survive when its features or components are in varying stages of creation, preservation and destruction, such that it can compete with similar products or companies.

I’ll generalize the creation, preservation and destruction paradigm to another area, sustainability, a buzzword-du-jour. We as a species have gone on a creation spree that now extends some millennia. We are only just learning to preserve. It is now a given that only when we learn to destroy will we be truly sustainable.

If you are like me, you own a smartphone or two, but every couple of years you want to buy a new one. During that period, the corporation that brought you the smartphone posts applications, services, software updates, and replacement parts. This is the maintenance obligation being fulfilled by the corporation. It is then extremely important that someone fulfill the destroyer role. It can be eBay if you donate or auction the smartphone.

This is a superficial arrangement. Truly fundamental destruction needs to happen at some stage, when the fundamental building blocks of the smartphone are either reused or returned to nature in a benign form. That, applied to any product or service, will bring our species to the point of true sustainability. Till we get there, we may be locking up our creativity in stuff that is increasingly difficult to maintain.

Is it time to innovate in destructive technology? Our next war is surely against ourselves!

Publish a live screen capture

There are several web-based conferencing solutions in the market, but if you would like to quickly screencast something on your own, this post may be helpful. Due to the tools we use, a Windows 32-bit PC is required.

You’ll need the following:

VH Screen capture driver: this is a (free for private use) driver that makes your screen or a window appear as an imaging device to Adobe Flash.

Flash media server – The development server is free to use for testing purposes.

Flash media live encoder – This encodes video and audio and pushes it to Flash Media Server. You can stream simultaneously in several bit-rates if so desired.

Moyea Web Player – You can use this to play streaming video

Here are the steps you have to go through:

1. Install all of the above.

2. Launch the “Configure VHScrCap” utility to configure how you would like screen capture to happen. The driver can capture the entire screen or a window, and you can change the output size, maintain aspect ratio, and so on.

3. Launch the Adobe Flash Media Live encoder, and choose VHScrCap as your video device. You can choose an audio device if you want to stream audio along with the video. Choose the video settings as required. To transmit the video stream check “Stream to Flash Media Server”, set the FMS URL as “rtmp://localhost/live”, set the stream name to “livestream”, and hit “Connect”. Hitting “Start” will stream the video to the Flash media server installation on your PC.

4. Launch Moyea Web Player on another machine, and add an RTMP stream with the URL “rtmp://localhost/live/livestream” to watch the live stream. You can also create a customized media player and provide it to those who will watch your live stream.

I would like to test-drive IIS Live Smooth Streaming support for doing the same thing. The only problem is that Microsoft Expression Encoder with live smooth streaming support using H.264 is a paid product. If ever I get a copy of it, I’ll try setting up live screen capture using it, and report the experience. Stay tuned!