Dissect TAK, Cursor-on-Target, and OMNI protocol messages in Wireshark.
| Protocol | Description |
|---|---|
| TAK XML CoT | Plain XML Cursor-on-Target messages |
| TAK Stream | Binary protobuf (version 1) |
| TAK Mesh | Binary protobuf (version 2+) |
| OMNI | Open Mission Network Interface |
All protobuf parsing is native Lua - no external dependencies.
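What decoding protobuf with no external dependencies involves, as an added example rather than code from this plugin: a wire-format reader in plain Lua that bounds-checks every varint and length, since a dissector parses untrusted traffic. The function names `read_varint` and `read_fields` and the sample bytes are assumptions made for illustration.

```lua
-- Added example, not the plugin's code. Plain arithmetic only, so it does not
-- depend on bit32 or the Lua 5.3+ bit operators.

-- Decode one base-128 varint from string `buf` at 1-based `pos`.
-- Returns value and next position, or nil plus an error string.
local function read_varint(buf, pos)
  local value, mult = 0, 1
  for i = 0, 9 do                        -- a 64-bit varint is at most 10 bytes
    local b = buf:byte(pos + i)
    if not b then return nil, "truncated varint" end
    value = value + (b % 128) * mult     -- low 7 bits carry data
    if b < 128 then return value, pos + i + 1 end  -- high bit clear: last byte
    mult = mult * 128
  end
  return nil, "varint longer than 10 bytes"
end

-- Walk the top-level fields of a message without trusting any length in it.
local function read_fields(buf)
  local fields, pos = {}, 1
  while pos <= #buf do
    local key, value
    key, pos = read_varint(buf, pos)
    if not key then return nil, pos end
    local num, wt = math.floor(key / 8), key % 8   -- key = (field << 3) | wire type
    if num == 0 then return nil, "field number 0 is invalid" end
    if wt == 0 then
      value, pos = read_varint(buf, pos)
      if not value then return nil, pos end
    else
      local size
      if wt == 1 then size = 8           -- fixed64
      elseif wt == 5 then size = 4       -- fixed32
      elseif wt == 2 then                -- length-delimited
        size, pos = read_varint(buf, pos)
        if not size then return nil, pos end
      else return nil, "unsupported wire type " .. wt end
      -- Reject declared sizes that run past the data (or wrapped negative).
      if size < 0 or size > #buf - pos + 1 then return nil, "length exceeds buffer" end
      value = buf:sub(pos, pos + size - 1)
      pos = pos + size
    end
    fields[#fields + 1] = { num = num, wire = wt, value = value }
  end
  return fields
end

-- Constructed sample: field 1 = varint 150, field 2 = bytes "a-f".
for _, f in ipairs(assert(read_fields("\8\150\1\18\3a-f"))) do print(f.num, f.wire, f.value) end
-- Constructed malformed input: declares 5 payload bytes but carries only 1.
print(read_fields("\18\5a"))
```

On Lua builds that store numbers as doubles, varint values above 2^53 lose precision.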
```
./install.sh                    # macOS/Linux
powershell -File install.ps1    # Windows
```

Or manually copy `tak.lua` and `omni.lua` to your Wireshark plugins directory.
| Port | Protocol |
|---|---|
| 4242, 6969, 7171, 8087, 17012 | TAK |
| 8089 | OMNI |
Configure via Edit → Preferences → Protocols → TAK/OMNI.
```
tak                            # All TAK/OMNI traffic
tak.protocol == "mesh"         # Mesh protocol
tak.cot.type contains "a-f"    # Friendly units
tak.point.lat > 38.0           # Filter by latitude
omni.event_type == "Track"     # OMNI track events
```
TAK traffic is often TLS-encrypted. See Wireshark's TLS documentation for decryption methods.
- Fork and clone
- Create feature branch
- Submit PR against `main`
Forked from the original CoT/Protobuf dissectors by Josh Keys.
Requirements tracking powered by RTMX.
For inquiries about Ditto's public sector solutions: team-publicsector-sales@ditto.com