On 9/11/07, Dan Siemon <[EMAIL PROTECTED]> wrote:
> However, I haven't been able to figure out how I can get access to parts of
> the packet data that are not covered by the display filter syntax. The
> particular example I am working on now involves obtaining the answers in a
> DNS response packet.
dnsExtractor = Field.new(" dns")
function tap.packet(pinfo, tvb, userdata)
local dns_tvb = Tvb.new_real(dnsExtractor())
local id = dns_tvb(0,2):get_uint() -- tvbrange:get_uint()
end
but that means redissecting dns...
BTW:
For which fields the dns dissector does not have display filter fields?
if there are multiple instances of a field in a given packet you can
get a table with them all this way:
xxxs_table = {xxxExtractor()}
or you can:
value1, value2 = xxxExtractor();
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
