
Decode as LUA - how do I do that?


I am using a third-party LUA dissector (which I know works, as I previously used the same file successfully with Wireshark a few months ago).

Unfortunately, this time around the decode does not happen, and the TCP payload is just shown as the raw hex data, instead of parsed and decoded values as provided by the dissector file.

I seem to remember that last time round, I set Decode As... to use the LUA dissector for the specific port, but this time round the LUA dissector does not appear in the "Decode As" list of protocols, and I can see no way of adding it, so I can't set it for the specific port I need to decode.

I'd upload a screenshot but apparently I need 60 points to do so. Both the protocol (MAVLINK_PROTO) and the LUA_Dissector appear in the Internals>Supported Protocols, and it's enabled under Enabled Protocols, and I've checked that a LUA file runs using -X lua_script:hello.lua, as suggested in the Wireshark docs.

Can anybody suggest what else I need to do?

I'm running wireshark-GTK 2.2.6 on Ubuntu 16.04.

Thanks, Stevod

Stevod
asked 2017-11-21 21:26:48 +0000
Guy Harris
updated 2017-11-22 02:20:17 +0000


1 Answer


Problem resolved:

1. There's a bug in the LUA script that causes it to fail, which I have fixed.
2. The script is written to sniff for traffic over UDP, whereas I am using it to sniff over TCP. Hence I changed the script to reflect that.

Stevod
answered 2017-11-22 20:57:09 +0000, updated 2017-11-22 20:59:04 +0000
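
The transport mismatch described in the answer, as an added illustration (this is not Stevod's script or the third-party MAVLink dissector). A Lua dissector that only adds itself to the `udp.port` table is never handed TCP payloads, and once it is registered on `tcp.port` it also has to cope with frames split across segments. The protocol name `demoframe`, port 5760 and the two-byte header framing are assumptions made for the example.

```lua
-- Added example. Hypothetical framing: 1-byte magic, 1-byte payload length, payload.
local demo = Proto("demoframe", "Demo Length-Prefixed Frame")

local f_magic   = ProtoField.uint8("demoframe.magic", "Magic", base.HEX)
local f_len     = ProtoField.uint8("demoframe.len", "Payload length", base.DEC)
local f_payload = ProtoField.bytes("demoframe.payload", "Payload")
demo.fields = { f_magic, f_len, f_payload }

local HEADER_LEN   = 2
local EXAMPLE_PORT = 5760  -- placeholder; use the port seen in your capture

function demo.dissector(tvb, pinfo, tree)
    local offset = 0
    local total = tvb:len()
    while offset < total do
        local remaining = total - offset
        -- TCP is a byte stream: the header itself may be cut by a segment boundary.
        if remaining < HEADER_LEN then
            pinfo.desegment_offset = offset
            pinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
            return
        end
        local frame_len = HEADER_LEN + tvb(offset + 1, 1):uint()
        -- Frame continues in a later segment: ask TCP for the missing bytes.
        if remaining < frame_len then
            pinfo.desegment_offset = offset
            pinfo.desegment_len = frame_len - remaining
            return
        end
        pinfo.cols.protocol = "DEMOFRAME"
        local sub = tree:add(demo, tvb(offset, frame_len))
        sub:add(f_magic, tvb(offset, 1))
        sub:add(f_len, tvb(offset + 1, 1))
        if frame_len > HEADER_LEN then
            sub:add(f_payload, tvb(offset + HEADER_LEN, frame_len - HEADER_LEN))
        end
        offset = offset + frame_len  -- several frames can share one segment
    end
end

-- A script written for UDP typically has only the first line.
DissectorTable.get("udp.port"):add(EXAMPLE_PORT, demo)
-- Registering on tcp.port as well is what routes TCP payloads to the dissector.
DissectorTable.get("tcp.port"):add(EXAMPLE_PORT, demo)
```

It can be loaded the same way as the test script in the question, with `-X lua_script:` followed by the file name.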

Comments

Hi, can you point me to how you solved the first issue? I am trying to decode UDP data as TCP for a project and my Wireshark 1.12.1 on Debian does not seem to allow me to do so when I go into the "Decode As..." menu. Basically, TCP does not appear as a protocol for the transport layer. However, I can do it on Wireshark 2.4.2 on Mac OS 10.12.6. Any help is much appreciated. Thanks!

sharknando (2017-12-20 14:40:53 +0000)
