In this tutorial we will add SCION protocol dissector in Wireshark and Tshark. This will allow easier an more intuitive debugging of SCION protocol. You can read more on what protocol dissector does on Wireshark docs
In order to continue this tutorial, we will assume that you already have Wireshark or Tshark installed on your system.
Running Wireshark is recommended on machines with graphical interface.
In order to install Wireshark, follow installation guide on Wireshark website for your platform. On Ubuntu, simply run:
sudo apt install wireshark
In case you want to install Tshark on Ubuntu simply run:
sudo apt install tshark
We need to find directory in which Wireshark or Tshark are looking for plugins so we can place SCION plugin there.
From Help menu select About Wireshark and in newly opened window select Folders tab. There are paths to global and local plugin directory.
In this tutorial we will use global Lua plugin directory which is usually:
Plugins from global plugin directory are available to all users, while local is only for currently running user.
In order to find the directory where Tshark is loading Lua plugins from we can run following command:
tshark -G folders | grep ^Global.Lua.Plugins | cut -f2
which should return a path like:
Wireshark/Tshark plugin is located in SCION project at
It is necessary to download
scion.lua file and place it in plugin directory acquired in previous step.
In Ubuntu system this can be done with following command:
sudo wget -P /usr/lib/x86_64-linux-gnu/wireshark/plugins/ https://raw.githubusercontent.com/netsec-ethz/scion/scionlab/tools/wireshark/scion.lua