I'm writing a dissector in lua for Wireshark and the only identifier for these packets are in the data that hasn't been parsed yet. I'm just not sure how to get this yet, usually it is in the tvb buffer when using a dissector, but with the other dissectors the IP or Port was the identifier not the data itself.
Wireshark Lua Dissector - Getting Unparsed data before dissector
117 Views Asked by Sam Spencer At
1
There are 1 best solutions below
Related Questions in LUA
- How to make a ServerScript wait for a LocalScript to fire a RemoteEvent
- global const variables in lua 5.4
- Backpack for roblox simulator game
- Calling an event with a delay in Roblox Studio. How to do?
- lghub lua script presskey
- LGHUB Lua script
- In pairs for loop not looping inside of another in pairs loop
- Lua syntax error expected '(' near update_rotation
- 64 unsigned integers in Lua 5.3/5.4 do not behave like in "Programming in Lua"
- How to write a lua pattern that is aware of escaped characters?
- having trouble installing neovim plugin
- Incorrect number comparison result (Lua)
- Lua: is there a need to use hash of string as a key in lua tables
- continuations in lua, is not working while trying extending it
- Neovim Kickstart config "E5113: Error while calling lua chunk: vim/_editor.lua:0: attempt to compare two table values" everytime I open neovim
Related Questions in WIRESHARK
- Python Multicast packet receiver stops receiving multicast packets when computer is connected to WiFi
- Python uses the scapy library to read the wireshark packet capture file and then writes a new file and it cannot be displayed
- Using Winshark to Filter by process/PID
- Microsoft Message Analyzer disable resolving IP address to their domain names a.k.a turn off AutoIP feature
- Why the code shows only the header and footer of xml file?
- I observed that a duplicate request was sent 60 seconds following the first request, yet the browser's devtool displays only a single request
- v2gexi protocol Data parshing from pcap file
- How to force Wireshark's all_field_infos() function gather all the fields?
- How should USB MIDI packets be formatted?
- Strange base64 python decoding
- Wireshark is crashing after printing the result
- Disable ECDHE cipher in SslSocket in .NET Core
- Need IPSEC Pcap format for AH next header with TCP/UDP
- How to extract content disposition in pyshark
- the network packages when use node middleware
Related Questions in WIRESHARK-DISSECTOR
- Why Wireshark is not displaying RTPS sub-messages in the 'Info' column?
- parsing a wireshark file, parsing the payload and storing specific packets in the wireshark format
- Lua sub-dissector for rtcp inside a proprietary protocol
- Error loading wrapper for shared library in lua plugin
- Lua script does not print results to wireshark console
- Dissector table doesn't exist while registering subdissector for ZMTP
- How Can Call Sub Dissector in Wireshark on Lua
- What is the best way to extract only hex value for all fields to JSON with Wireshark/TShark
- Wireshark Lua Dissector - Getting Unparsed data before dissector
- Understanding an "attempt to index global 'ftypes' (a nil value)" Lua error
- Wireshark--Transmission Control Protocol, Src Port: 51589, Dst Port: 443, Seq: 599, Ack: 6627, Len: 0
- How do I decode Photon traffic from Wireshark
- Encryption alert (Alert (21))from the Server and connection resets
- How to add an array of fields as a ProtoField in Lua Dissector
- Wireshark Lua API: How to maintain a packetfile specific var?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
If it's available in the
data.datafield, then you can try to look into that field to see if the data is relevant to your dissector.For an example of how this might be done, have a look at the Guacamole Post-dissector I wrote and posted on the Wireshark Guacamole wiki page.