Wireshark-dev: [Wireshark-dev] How to evaluate hex/ebcdic packet data LUA
From: Jerry White <jerrywhite518@xxxxxxxxx>
Date: Sun, 23 Oct 2016 19:40:58 -0700
I'm having a dickens of a time working with the packet data in my Lua dissector. I'm trying to see if a particular byte has a particular value. This byte exists in three different places in the below code, and all I want to do is test if it contains 0xc4, and I just can't get it right. Any help is appreciated.


local mgi = Proto("mymgi", "Somos MGI Protocol")
local pf_mgi_flag = ProtoField.new("mgi_flag", "mymgi.mgi_flag", ftypes.STRING)

mgi.fields = {
    pf_mgi_flag
}

local m_flag = Field.new("mymgi.mgi_flag") -- used for relational operations

function mgi.dissector(tvbuf, pktinfo, root)
    pktinfo.cols.protocol:set("SomosMGI")
    local pktlen = tvbuf:reported_length_remaining()
    local tree = root:add(mgi, tvbuf:range(0,pktlen))

    local info_mgi_flag = tvbuf:range(19,1) -- used in wireshark info column
    tree:add(pf_mgi_flag, tvbuf:range(19,1)) -- used in protocol tree
    pktinfo.cols.info:append("FLAG=")
    pktinfo.cols.info:append("".. info_mgi_flag ..",")
    return pktlen
end -- closes mgi.dissector

DissectorTable.get("tcp.port"):add(6110, mgi)


By the way, in the Wireshark tree it prints as \357\277\275, but in the Info column it displays as c4. In the hex packet display it is also c4. And if I do print ((string.char(0xc4))), this character prints Ä

Thank you,
Jerry
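
One way to make the test, as an added example that is not part of the original post: read the byte as a number with `TvbRange:uint()` and register it as a hex `UINT8` field. A lone 0xc4 byte decoded as text becomes U+FFFD, whose UTF-8 bytes are the `\357\277\275` shown in the tree. The names `FLAG_OFFSET`, `FLAG_WANTED` and `pf_mgi_flag_text` are assumptions, as is an EBCDIC payload (where 0xc4 is the letter D) and a Wireshark build that defines `ENC_EBCDIC`.

```lua
-- Added example, not the poster's code. Offset 19 and port 6110 come from the post.
local mgi = Proto("mymgi", "Somos MGI Protocol")

-- UINT8 shown in hex, so the tree displays 0xc4 instead of a replacement character
local pf_mgi_flag = ProtoField.uint8("mymgi.mgi_flag", "MGI flag", base.HEX)
-- Assumed extra field: the same byte decoded as EBCDIC text
local pf_mgi_flag_text = ProtoField.string("mymgi.mgi_flag_text", "MGI flag (EBCDIC)")

mgi.fields = { pf_mgi_flag, pf_mgi_flag_text }

local FLAG_OFFSET = 19   -- position of the flag byte
local FLAG_WANTED = 0xc4 -- value being tested for

function mgi.dissector(tvbuf, pktinfo, root)
    -- Reject short packets instead of raising a range error
    if tvbuf:len() <= FLAG_OFFSET then
        return 0
    end

    pktinfo.cols.protocol:set("SomosMGI")
    local tree = root:add(mgi, tvbuf:range())

    local flag_range = tvbuf:range(FLAG_OFFSET, 1)
    local flag = flag_range:uint() -- numeric value of the byte (0..255)

    tree:add(pf_mgi_flag, flag_range)
    tree:add(pf_mgi_flag_text, flag_range, flag_range:string(ENC_EBCDIC))

    pktinfo.cols.info:append(string.format("FLAG=0x%02x,", flag))

    -- The comparison itself: number against number
    if flag == FLAG_WANTED then
        pktinfo.cols.info:append("FLAG_MATCH,")
    end

    return tvbuf:len()
end

DissectorTable.get("tcp.port"):add(6110, mgi)
```

With the field typed as `UINT8`, the same test also works as a display filter: `mymgi.mgi_flag == 0xc4`.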