Guy Harris wrote: > On Mar 17, 2008, at 11:25 AM, Leandro Lucarella wrote: > >> But I still can't find a way to tell (looked at FT_* and BASE_* >> constants) wireshark to interpret the field as little endian. > > The byte order is *NOT* a property of the field; there exist protocols > (X11 and DCE RPC, to name two) where a given field might appear as > little-endian in some packets and big-endian in other packets, even in > the same capture. > > At least as I read the Wireshark Lua reference manual section of the > Wireshark User's Manual, you want to do > > subtree:add_le(pf, buffer(0, 4)) > > to add a little-endian 4-byte quantity, but I'm not an expert on the > Lua support. Luis?
Yeap! That did the trick! Thank you! Another Lua-specific question: is there any way to activate Lua support in a user-basis or via some configuration file in /etc? Because init.lua it's in /usr/share/... and when using a distribution (I'm using Debian), if I edit the file to comment "disable_lua = true; do return end;", every time a new version of the package is installed, I lost that "configuration". TIA. _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
