plugin not functioning as intended


I've been trying to use this plugin. Although it does show up as intended, there is no "Decode As" prompt and no "enable" checkbox.

P.S. If you're wondering where I got help to set it up, it was on ChatGPT, and I'm on Mac so I can't follow the instructions on the GitHub page.

Allan
asked 2023-02-18 17:07:22 +0000

Comments

Can you update the question with the output of wireshark -v or Help->About Wireshark:Wireshark.
Is it possible to share a sample capture file?

Chuckc (2023-02-19 14:43:33 +0000)

@Chuckc Here you go

Version 4.0.3 (v4.0.3-0-gc552f74cdc23).

Compiled (64-bit) using Clang 11.0.0 (clang-1100.0.33.16), with GLib 2.68.4,
with PCRE2, with zlib 1.2.11, with Qt 6.2.4, with libpcap, without POSIX
capabilities, with Lua 5.2.4, with GnuTLS 3.6.15 and PKCS #11 support, with
Gcrypt 1.8.7, with Kerberos (MIT), with MaxMind, with nghttp2 1.46.0, with
brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.9, with libsmi
0.4.8, with QtMultimedia, with automatic updates using Sparkle, with SpeexDSP
(using system library), with Minizip, with binary plugins.

Running on Mac OS X 10.16, build 21F2081 (Darwin 21.5.0), with Apple M2 (with
SSE4.2), with 8192 MB of physical memory, with GLib 2.68.4, with PCRE2 10.39
2021-10-29, with zlib 1.2.11, with Qt ...
Allan (2023-02-19 18:51:31 +0000)

Ok. That's current Wireshark including Lua.
Did you exit Wireshark and go back in after putting the Lua file in the Lua plugin folder?
Did you add to the Personal or Global Lua Plugin folder?

I had to exit Wireshark and go back in to have ROBLOX appear in the Decode As... ports.
There is a simple UDP capture file to test with - chargen-udp.pcap (libpcap) Chargen over UDP. - on the Wiki Sample Captures page.

"Works on my Windows 10 system" isn't much help other than to show that the dissector is functional.

Chuckc (2023-02-19 19:17:52 +0000)

I put the folder in my personal Lua plugins folder

Allan (2023-02-20 17:18:11 +0000)

Did you test with chargen-udp.pcap?
It's not ROBLOX but the dissector doesn't care as long as it has UDP to work with.

Chuckc (2023-02-20 18:05:08 +0000)

1 Answer

(temporary answer to share screen shot)
It should decode as chargen with default settings but can be set to Decode As...

image description

Chuckc
answered 2023-02-20 18:42:02 +0000

Comments

Thanks. Although I don't think Decode As has done anything, as I don't see any differences in the packet data. I've tried chargen and ROBLOX but the packet data is the same.

Allan (2023-02-20 19:00:48 +0000)

Do you mean the Packet Details in the lower left pane?
Can you share the dissection layers by right clicking on Frame 1 then Copy->All Visible Items and posting here.

Chuckc (2023-02-20 19:15:17 +0000)

I'm talking about the window on the bottom right part of the screen. Isn't the plugin meant to decode it?

Allan (2023-02-20 19:43:58 +0000)

The “Packet Bytes” Pane - "The packet bytes pane shows the data of the current packet (selected in the “Packet List” pane) in a hexdump style."
The Lua plugin/dissector is going to add fields/data to the Packet Details pane.

-- Set up all possible packet fields.
local field = {}
...
    if id == ID.OPEN_CONNECTION_REQUEST_1 then
        local packet = tree:add(roblox, buf(0))
        packet:add(field.id,           buf(0,1))
        packet:add(field.magic,        buf(1,16))
        packet:add(field.proto_ver,    buf(17,1))
        packet:add(field.null_padding, buf(18))
Chuckc (2023-02-20 20:10:28 +0000)

What kind of data?

Allan (2023-02-21 08:46:35 +0000)
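
As an added illustration (not part of the thread and not the ROBLOX dissector's own code), a minimal Lua dissector shows where a plugin's output appears: each `tree:add` call creates a row in the Packet Details pane, while the Packet Bytes hexdump stays the same. The protocol name `demo` and its field names are hypothetical; the field offsets mirror the excerpt quoted in the comment above.

```lua
-- Added example: "demo" and all field abbreviations are hypothetical.
local demo = Proto("demo", "Demo UDP Protocol")

-- Every field registered here can become a row in the Packet Details tree
-- and is usable in display filters (for example: demo.id == 0x05).
local f_id      = ProtoField.uint8("demo.id", "Packet ID", base.HEX)
local f_magic   = ProtoField.bytes("demo.magic", "Magic")
local f_ver     = ProtoField.uint8("demo.proto_ver", "Protocol Version", base.DEC)
local f_padding = ProtoField.bytes("demo.null_padding", "Null Padding")
demo.fields = { f_id, f_magic, f_ver, f_padding }

function demo.dissector(buf, pinfo, tree)
    local len = buf:len()
    if len < 1 then return 0 end           -- empty payload, nothing to dissect

    pinfo.cols.protocol = "DEMO"           -- Protocol column in the Packet List
    local packet = tree:add(demo, buf())   -- new node in Packet Details
    packet:add(f_id, buf(0, 1))

    -- Requesting a range past the end of the buffer raises a Lua error.
    -- Traffic that is not this protocol (such as a chargen test capture)
    -- may be shorter than the expected layout, so check lengths first.
    if len < 18 then
        packet:append_text(" [too short for magic and version]")
        return len
    end
    packet:add(f_magic, buf(1, 16))
    packet:add(f_ver,   buf(17, 1))
    if len > 18 then
        packet:add(f_padding, buf(18))     -- everything after the version byte
    end
    return len
end

-- List the protocol under Analyze -> Decode As... for UDP ports
-- without binding it to a fixed port number.
DissectorTable.get("udp.port"):add_for_decode_as(demo)
```

Saved as a `.lua` file in the personal Lua plugins folder, it is loaded the next time Wireshark starts, matching the restart step described earlier in the thread.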