Re: [Wireshark-users] Lua scripting (obtaining protocol fields)

Tue, 11 Sep 2007 12:53:47 -0700 

On 9/11/07, Luis EG Ontanon <[EMAIL PROTECTED]> wrote:
>
> Does this work?
>
> dnsRespNameExtractor = Field.new(" dns.resp.name")
>
> function tap.packet(pinfo, tvb, userdata)
>       local table = {dnsRespNameExtractor()}
>
>
> end


No, that just prints the name in the response.  What I require is the
returned result value. For example in a response for www.google.com I need
to obtain the returned IP addresses. Or CNAMEs etc.

Hopefully I'm not just missing it but the Wireshark display filter reference
doesn't appear to show a way to get this information.
http://www.wireshark.org/docs/dfref/d/dns.html


On 9/11/07, Luis EG Ontanon <[EMAIL PROTECTED]> wrote:
> > On 9/11/07, Dan Siemon <[EMAIL PROTECTED]> wrote:
> > > However, I haven't been able to figure out how I can get access to
> parts of
> > > the packet data that are not covered by the display filter syntax. The
> > > particular example I am working on now involves obtaining the answers
> in a
> > > DNS response packet.
> >
> > dnsExtractor = Field.new(" dns")
> >
> > function tap.packet(pinfo, tvb, userdata)
> >        local dns_tvb = Tvb.new_real(dnsExtractor())
> >        local id = dns_tvb(0,2):get_uint() -- tvbrange:get_uint()
> > end
> >
> > but that means redissecting dns...
> >
> > BTW:
> >  For which fields the dns dissector does not have display filter fields?
> >
> >
> > if there are multiple instances of a field in a given packet you can
> > get a table with them all this way:
> >
> > xxxs_table = {xxxExtractor()}
> >
> > or you can:
> >
> > value1, value2 =  xxxExtractor();
> >
> >
> > --
> > This information is top security. When you have read it, destroy
> yourself.
> > -- Marshall McLuhan
> >
>
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>

_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users

Reply via email to