LUA: Accessing multiple smb2.msg_id values

Question

Hi, I'm writing some code that includes the parsing of SMB2 packets. Some packets have, say, three SMB2 apdus. If I use wireshark Apply as column the smb2.msg_id field I see all three msg_id values in the Packet List separated by commas. If I access the msg_id value in my LUA script I get the first msg_id in the packet only.

How can I access all the msg_id values?

Thanks and regards...Paul

Answer 1

Gerald Combs asked a similar question years ago on the Wireshark developers mailing list, and Tamás Regõs provided a response that you may find useful.

To quote:

In case the field occurrence is more than 1 then result of the Field.new will be a table/array and not just 1 value.
Try something like this:
ip_src_f = Field.new(&quot;ip.src&quot;)
local ip_src_table = { ip_src_f() }

for i,ip_src in ipairs(p_src_table) do
    local src = tostring(ip_src.value)
    -- ....
  end</code></pre><p>Ref: <a href="https://www.wireshark.org/lists/wireshark-dev/201005/msg00115.html">https://www.wireshark.org/lists/wireshark-dev/201005/msg00115.html</a>.</p></div><div class="answer-controls post-controls"></div><div class="post-update-info-container"><div class="post-update-info post-update-info-user"><p>answered <strong>26 Aug '14, 12:54</strong></p><img src="https://secure.gravatar.com/avatar/55158e2322c4e365a5e0a4a0ac3fbcef?s=32&amp;d=identicon&amp;r=g" class="gravatar" width="32" height="32" alt="cmaynard&#39;s gravatar image" /><p><span>cmaynard ♦♦</span><br />

9.4k●10●38●142

accept rate: 20%