first working

lua_dissectors/README.md

@@ -0,0 +1,64 @@
+# Lua Dissectors for Airstream PyShark
+
+This directory contains example Lua dissectors that can be used with Wireshark/tshark to decode custom protocols in PyShark.
+
+## Installation
+
+1. Copy the Lua dissector files to your Wireshark plugins directory:
+   - **Linux/Mac**: `~/.local/lib/wireshark/plugins/` or `~/.config/wireshark/plugins/`
+   - **Windows**: `%APPDATA%\Wireshark\plugins\`
+
+2. Restart Wireshark/tshark or reload Lua plugins (Ctrl+Shift+L in Wireshark)
+
+3. The dissectors will automatically be available to PyShark
+
+## Example Custom Protocol Dissector
+
+The `example_custom_protocol.lua` demonstrates:
+- Creating a custom protocol dissector
+- Defining protocol fields
+- Parsing packet structure
+- Registering for specific UDP ports
+- Heuristic dissection
+
+## Using with PyShark
+
+Once installed, PyShark will automatically use these dissectors:
+
+```python
+import pyshark
+
+# Capture with custom dissector
+capture = pyshark.FileCapture('capture.pcap')
+for packet in capture:
+    if hasattr(packet, 'custom'):
+        print(f"Custom packet: {packet.custom.msg_type}")
+```
+
+## Creating Your Own Dissectors
+
+1. Copy `example_custom_protocol.lua` as a template
+2. Modify the protocol name, fields, and parsing logic
+3. Register for appropriate ports or use heuristic detection
+4. Place in Wireshark plugins directory
+
+## Benefits for Airstream
+
+Custom Lua dissectors enable:
+- Decoding proprietary protocols (IENA, Chapter 10, etc.)
+- Adding metadata extraction
+- Protocol-specific statistics
+- Enhanced filtering capabilities
+
+## Testing Dissectors
+
+Test your dissector in Wireshark GUI first:
+1. Open a capture file
+2. Check if protocol appears in packet list
+3. Verify field extraction in packet details
+4. Use display filters like `custom.msg_type == 1`
+
+Then use with airstream_pyshark.py:
+```bash
+./airstream_pyshark.py -p capture.pcap --filter "custom"
+```