I think a lot more "dns.resp.*" should exist...

... dns.resp.a, dns.resp.cname, dns.resp.soa, dns.resp.mx.pref, dns.resp.mx ...

some calls to proto_tree_add_text() should be turned into
proto_tree_add_item() in dissect_dns_answer() [packet-dns.c:999]...

On 9/11/07, Dan Siemon <[EMAIL PROTECTED]> wrote:
> On 9/11/07, Luis EG Ontanon <[EMAIL PROTECTED]> wrote:
> > Does this work?
> >
> > dnsRespNameExtractor = Field.new("dns.resp.name")
> >
> > function tap.packet(pinfo, tvb, userdata)
> >     local table = {dnsRespNameExtractor()}
> >
> >
> > end
>
> No, that just prints the name in the response. What I require is the
> returned result value. For example in a response for www.google.com I need
> to obtain the returned IP addresses. Or CNAMEs etc.
>
> Hopefully I'm not just missing it but the Wireshark display filter reference
> doesn't appear to show a way to get this information.
> http://www.wireshark.org/docs/dfref/d/dns.html
>
>
> On 9/11/07, Luis EG Ontanon <[EMAIL PROTECTED]> wrote:
> > > On 9/11/07, Dan Siemon <[EMAIL PROTECTED]> wrote:
> > > > However, I haven't been able to figure out how I can get access to parts of
> > > > the packet data that are not covered by the display filter syntax. The
> > > > particular example I am working on now involves obtaining the answers in a
> > > > DNS response packet.
> > >
> > > dnsExtractor = Field.new("dns")
> > >
> > > function tap.packet(pinfo, tvb, userdata)
> > >     local dns_tvb = Tvb.new_real(dnsExtractor())
> > >     local id = dns_tvb(0,2):get_uint() -- tvbrange:get_uint()
> > > end
> > >
> > > but that means redissecting dns...
> > >
> > > BTW:
> > > For which fields the dns dissector does not have display filter fields?
> > >
> > >
> > > if there are multiple instances of a field in a given packet you can
> > > get a table with them all this way:
> > >
> > > xxxs_table = {xxxExtractor()}
> > >
> > > or you can:
> > >
> > > value1, value2 = xxxExtractor();
> > >
> > >
> > > --
> > > This information is top security. When you have read it, destroy yourself.
> > > -- Marshall McLuhan
> >
> >
> > --
> > This information is top security. When you have read it, destroy yourself.
> > -- Marshall McLuhan
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@wireshark.org
> > http://www.wireshark.org/mailman/listinfo/wireshark-users

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
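
An added example, not part of the thread and not code from either poster: a Lua tap that records the A, AAAA and CNAME answers seen for each queried name, using the `{xxxExtractor()}` idiom quoted above to pick up every instance of a field in a packet. It assumes a later Wireshark release in which the DNS dissector registers `dns.a`, `dns.aaaa` and `dns.cname`; those field names and the file name `dns_answers.lua` do not come from this thread.

```lua
-- dns_answers.lua (added example; field names are assumptions, see lead-in)
-- Run: tshark -q -X lua_script:dns_answers.lua -r capture.pcap
local f_qname = Field.new("dns.qry.name")
local answer_fields = {
    A     = Field.new("dns.a"),
    AAAA  = Field.new("dns.aaaa"),
    CNAME = Field.new("dns.cname"),
}

-- The display filter restricts the tap to DNS responses.
local tap = Listener.new("frame", "dns.flags.response == 1")
local seen = {}   -- seen[qname]["<type> <value>"] = first frame number

-- Return every instance of a field in the current packet as strings.
-- The extractor yields one FieldInfo per occurrence, or nothing at all.
local function all_values(extractor)
    local out = {}
    for _, finfo in ipairs({ extractor() }) do
        out[#out + 1] = tostring(finfo)
    end
    return out
end

function tap.packet(pinfo, tvb, tapinfo)
    local q = f_qname()   -- first question only
    local qname = q and tostring(q) or "<no question>"
    seen[qname] = seen[qname] or {}
    -- Answers are flat per packet: a value is tied to the query name,
    -- not to the owner name of the individual resource record.
    for rtype, extractor in pairs(answer_fields) do
        for _, value in ipairs(all_values(extractor)) do
            local key = rtype .. " " .. value
            if not seen[qname][key] then
                seen[qname][key] = pinfo.number
            end
        end
    end
end

function tap.draw()
    for qname, answers in pairs(seen) do
        for key, frame in pairs(answers) do
            print(string.format("%s -> %s (first seen in frame %d)",
                                qname, key, frame))
        end
    end
end

function tap.reset()
    seen = {}
end
```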