I have a protocol that has an encrypted string as one of its fields.
A Lua based dissector (for example) shows this using the following
code snippet:
xx_proto.fields.msg = ProtoField.string("xx.msg", "Msg", base.ASCII)
local decoded = decrypt(buf, start)
subtree:add(xx_proto.fields.msg, buf(start, len), decoded:raw())
The decoder converts the encrypted data into ASCII.
I'd love to be able to search on the decrypted contents using a display
filter,
but I presume it searches buf(start, len) rather than the decrypted
data/value
that's placed into the tree.
Can it be done?
What would I need to do?
TIA
Fulko
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
