This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I get the acknowledgement number for a packet in Wireshark using Lua?

0

I am writing a Lua dissector for a protocol on top of the TCP protocol. It needs to store the acknowledgment number of request packets, in order to determine which is the corresponding response packet.

For example I can get the packet number with pinfo.number, is there any similar way I can access the acknowledgement number?

asked 07 May '12, 03:20

Ville's gravatar image

Ville
1112
accept rate: 0%

edited 07 May '12, 03:55

What protocol are you dissecting?

(07 May '12, 03:37) helloworld

A special protocol on top of the TCP protocol.

(07 May '12, 03:56) Ville
One Answer:
active answersoldest answersnewest answerspopular answers
0

You can define the desired fields with Field.new() and then use the field definitions in the dissector function.

-- define the fields
tcp_srcp_f = Field.new("tcp.srcport")
tcp_dstp_f = Field.new("tcp.dstport")
tcp_ack_f = Field.new("tcp.ack")
tcp_seq_f = Field.new("tcp.seq")

function tcp_test_proto.dissector(buffer,pinfo,tree)
-- use the fields in the dissector
local sport = tcp_srcp_f()
local dport = tcp_dstp_f()
local ack = tcp_ack_f()
local seq = tcp_seq_f()
...
end

Regards
Kurt

permanent link

answered 07 May '12, 06:57

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 07 May '12, 06:58

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×752
×637
×431
×12
×3

question asked: 07 May '12, 03:20

question was seen: 4,466 times

last updated: 07 May '12, 06:58

Related questions

getting PDUs length

Complex Lua TCP Reassembly Problem

How dissect two segments of one protocol in the same packet , in the same TCP segment (LUA)?

TCP Dissector, detect which endpoint opened the connection?

Lua - Dissector Functions, Buffered Data, and TCP Reconstruction

Lua TCP reassembly

How to recognize whether a packet is tcp or udp?

LUA dissector set pinfo.cols.info question

Lua dissector failing: occasionally returns nil values instead of TCP endpoints for valid packets

During reassembly of a protocol running on top of TCP, setting desegment_offset=0 and desegment_len=DESEGMENT_ONE_MORE_SEGMENT seems to break down the behavior stated in README.dissector. Is this expected?

about | faq | privacy | support | contact

p​o​w​e​r​e​d by O​S​Q​A