how to get right filter for private protocol decoded by lua plugin

retag add tags

I used to lua plugin to decode private protocol package , the special part is there have multiple data packets in one UDP packet. such as. [PrviatePacket 1] [PrviatePacket 2] [PrviatePacket 3], thanks lua plugin, these can be decoded in wireshark.

But when i use filter function , the right packet can't be displayed, such as I want to use " field1 == A && field2 ==B" as the filter , there have a lot packets was filtered , because if field1== A is in any of [PrviatePacket 1] [PrviatePacket 2] [PrviatePacket 3] and field2== B is in any of [PrviatePacket 1] [PrviatePacket 2] [PrviatePacket 3], this UDP packet will be treated as filtered, so how to solve this to get right filter ?

Similar to How to filter by item?

You could modify the Lua code to add another field (possibly hidden) to use for searching.

If there are just a few PrivatePackets per UDP packet, implementing the Display Filter Macro may be quicker.

You might want to make a display filter macro for it like

macro name: PPfields

macro expression: (PrivatePacket.field1[1]==$1 and PrivatePacket.field2[1]==$2) or (PrivatePacket.field1[2]==$1 and PrivatePacket.field2[2]==$2) or (PrivatePacket.field1[3]==$1 and PrivatePacket.field2[3]==$2) or (PrivatePacket.field1[4]==$1 and PrivatePacket.field2[4]==$2)

Chuckc

answered 2024-04-11 15:53:23 +0000

edit flag offensive 0 remove flag delete link

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

how to get right filter for private protocol decoded by lua plugin edit

Comments

1 Answer

Comments