Today I wrote my first Wireshark Dissector. I believe it was also my first day using the Lua programming language.
It was a pretty good experience. Much easier than I anticipated.
One specific item that was pleasantly easy was tying a lookup array to a variable (e.g. message flag codes to the message flag variable).
Perhaps there is a way, but I didn’t find one, to “reload” changes from my Dissector into an already open Wireshark. As it was, I ended up restarting Wireshark a lot and then reopening my pcap file.
While it is easy, given the protocol I was working with, it started to become monotonous. However, it did pay off, as I was able to identify a difference in a problematic case.
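The lookup-table technique mentioned above, as an added example that is not code from the original post: a Wireshark Lua dissector that ties a table of flag codes to a field so Wireshark displays the names. The protocol name `demo`, its wire format (1-byte flag, 2-byte big-endian length, payload), the flag names and UDP port 9999 are all assumptions made for illustration.

```lua
-- Added example: hypothetical protocol "demo", not the protocol from the post.
-- Assumed wire format (constructed): 1-byte flag, 2-byte big-endian length, payload.
local demo = Proto("demo", "Demo Protocol (hypothetical)")

-- Lookup table: flag code -> readable name. Passing it as the 4th argument
-- to ProtoField ties it to the field, so Wireshark renders the name itself.
local msg_flags = {
    [0x01] = "HELLO",
    [0x02] = "DATA",
    [0x03] = "ACK",
    [0x04] = "ERROR",
}

local f_flag = ProtoField.uint8("demo.flag", "Message Flag", base.HEX, msg_flags)
local f_len  = ProtoField.uint16("demo.length", "Payload Length", base.DEC)
local f_data = ProtoField.bytes("demo.payload", "Payload")
demo.fields = { f_flag, f_len, f_data }

local HEADER_LEN = 3

function demo.dissector(buffer, pinfo, tree)
    -- Too short to hold a header: return 0 so Wireshark treats it as not ours.
    if buffer:len() < HEADER_LEN then return 0 end

    pinfo.cols.protocol = "DEMO"
    local subtree = tree:add(demo, buffer(), "Demo Protocol")
    local flag = buffer(0, 1):uint()
    subtree:add(f_flag, buffer(0, 1))
    subtree:add(f_len, buffer(1, 2))

    -- Never trust the declared length: clamp to the bytes actually captured.
    local declared = buffer(1, 2):uint()
    local available = buffer:len() - HEADER_LEN
    if declared > available then
        subtree:add_expert_info(PI_MALFORMED, PI_WARN, "Declared length exceeds captured data")
        declared = available
    end
    if declared > 0 then
        subtree:add(f_data, buffer(HEADER_LEN, declared))
    end

    -- Same table reused for the Info column; unknown codes are shown as such.
    pinfo.cols.info = msg_flags[flag] or string.format("Unknown flag 0x%02x", flag)
    return HEADER_LEN + declared
end

-- Port 9999 is an arbitrary placeholder for this example.
DissectorTable.get("udp.port"):add(9999, demo)
```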