This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
This is a Wireshark Lua plugin for dissecting TAK (Team Awareness Kit), CoT (Cursor-on-Target), and OMNI (Open Mission Network Interface) protocol messages. The plugin includes native protobuf parsing - no external dependencies required.
- XML CoT (version 0): Plain XML messages starting with `<?xml` or `<event`
- Stream protocol (version 1): `0xBF` magic byte + varint length + TakMessage protobuf
- Mesh protocol (version 2+): `0xBF` + version varint + `0xBF` + TakMessage protobuf
- Open Mission Network Interface
- BaseEvent messages with various event types (Track, Player, Chat, Sensor, Shape, Weather, etc.)
The plugin is split into two files for protocol separation:
- `tak.lua` (~890 lines): TAK Protobuf and CoT XML protocols
- `omni.lua` (~380 lines): OMNI Protobuf protocol
Both files include a native protobuf decoder for installation simplicity (no shared dependencies).
The pb module implements protobuf parsing without external dependencies:
- `pb.decode_varint()` - Decode variable-length integers
- `pb.decode_tag()` - Parse field number and wire type
- `pb.parse_message()` - Extract all fields from a protobuf message
- Helper functions: `pb.get_string()`, `pb.get_field()`, `pb.get_uint64()`
Simple regex-based XML attribute/element extraction for CoT XML messages.
Wireshark ProtoField definitions for TAK dissected values:
- Common fields (protocol, version, length)
- TAK Control fields (min/max proto version)
- CoT Event fields (type, uid, how, timestamps)
- Point fields (lat, lon, hae, ce, le)
- Detail sub-fields (contact, group, status, takv, track, precisionlocation)
- TAK Protobuf: Parses TakMessage → TakControl + CotEvent → Detail sub-messages
- XML CoT: Extracts event, point, and detail attributes from XML
Entry point that detects message format and routes to appropriate parser:
- Check for XML (`<?xml` or `<event` prefix)
- Check for TAK magic byte (`0xBF`) → Stream or Mesh protocol
- Mark as unsupported if unrecognized
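The dispatch order above, written out as a small Python reference classifier that can be used to build test vectors for the dissector. This is an added example, not code from the plugin: the function names, the `malformed` result, and the rule that a second `0xBF` directly after the varint means a Mesh header are assumptions.

```python
# Added example: classify a TAK payload by its framing (not the plugin's code).
MAGIC = 0xBF
MAX_VARINT_BYTES = 10  # a 64-bit protobuf varint never needs more than this


def decode_varint(buf, pos):
    """Return (value, next_pos); raise ValueError on truncated or overlong input."""
    value = 0
    for i in range(MAX_VARINT_BYTES):
        if pos + i >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if byte < 0x80:  # continuation bit clear: this was the last byte
            return value, pos + i + 1
    raise ValueError("varint longer than 10 bytes")


def classify(buf):
    """Same order as the dispatcher: XML prefix, then magic byte, else unsupported."""
    if buf.startswith((b"<?xml", b"<event")):
        return {"protocol": "xml", "version": 0}
    if not buf or buf[0] != MAGIC:
        return {"protocol": "unsupported"}
    try:
        value, pos = decode_varint(buf, 1)
    except ValueError as exc:
        return {"protocol": "malformed", "error": str(exc)}
    # Assumption: a second magic byte right after the varint marks a Mesh header.
    # 0xBF cannot start a valid protobuf message (its low bits encode wire type 7).
    if pos < len(buf) and buf[pos] == MAGIC:
        return {"protocol": "mesh", "version": value, "payload": buf[pos + 1:]}
    # Otherwise the varint is a Stream length; never slice past the captured bytes.
    if value > len(buf) - pos:
        return {"protocol": "stream", "version": 1,
                "error": "declared length exceeds captured data"}
    return {"protocol": "stream", "version": 1, "payload": buf[pos:pos + value]}
```

The truncated, overlong, and oversized-length cases are the inputs worth replaying against the Lua dissector, since it parses untrusted capture data.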
Wireshark ProtoField definitions for OMNI dissected values:
- BaseEvent fields (entity_id, sequence_number)
- EventOrigin fields (source_uid, source_net)
- TimeOfValidity fields (updated, timeout)
- Alias fields (domain, name, network, id)
- Event type field for oneof events (Track, Player, Chat, etc.)
- BaseEvent Parser: Parses top-level OMNI message
- Event-specific Parsers: Track, Player, Chat, and other event types
The repository includes protocol definitions in subdirectories (not part of the plugin):
- `takproto-master/` - TAK protobuf definitions (TakMessage, CotEvent, Detail, etc.)
- `omni-master/protos/` - OMNI protobuf definitions (BaseEvent, TrackEvent, etc.)
- `takcot-master/xsd/` - CoT XML schema definitions
Automatic:
./install.sh # macOS/Linux
powershell -File install.ps1 # Windows
Manual: Copy `tak.lua` and `omni.lua` to the Wireshark plugins directory and reload
TAK Protocol (Edit → Preferences → Protocols → TAK):
- TAK Port: TCP/UDP port for TAK messages (default: 6969)
OMNI Protocol (Edit → Preferences → Protocols → OMNI):
- OMNI Port: TCP/UDP port for OMNI messages (default: 8089)
tak # All TAK traffic
tak.protocol == "xml" # XML CoT messages
tak.protocol == "mesh" # Mesh protocol messages
tak.protocol == "stream" # Stream protocol messages
tak.cot.type # Filter by CoT event type
tak.cot.uid contains "ANDROID" # Filter by UID pattern
tak.point.lat > 38.0 # Filter by latitude
tak.detail.contact.callsign # Filter by callsign
omni # All OMNI traffic
omni.entity_id # Filter by entity ID
omni.event_type == "Track" # Track events
omni.event_type == "Player" # Player events
omni.event_type == "Chat" # Chat events
This project uses RTMX for requirements traceability.
- `rtmx status` - Show RTM progress
- `rtmx backlog` - View prioritized backlog
- `rtmx health` - Run health checks
- Check the RTM: `rtmx status`
- Mark tests with `@pytest.mark.req("REQ-XXX-NNN")`
- Update status when complete
- Database: `docs/rtm_database.csv`
- Specs: `docs/requirements/`