This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

conversion of string into userdata type like wireshark’s buffer

0

Hi,

I'm working on a wireshark dissector and I have a part of my dissector that uses a C#.net dll. The objective is to decipher (this is done by the dll) a part of the frame captured by wireshark and to dissect the deciphered frame. The problem is that all my dissectors functions uses a parameter called "buffer" which has a "userdata" type coming from Wireshark, and my dll returns a string.

Example of function :

function xxx(buf,pkt,tree)

 local apdu = buf(0,1):uint() 
 local pdu_variant = buf(1,1):uint()    
 local t = root:add(proto_dlms,buf(0))  
 t:append_text( string.format(" %u Bytes", buf:len() ))

end

Is there a way to convert the string into a userdata ? So I can use my functions to dissect the string coming from the dll?

I tried to modify the dll to return a byte[] type (instead of a string) but I was not able to use this variable like "buffer".

I also tried to send back my string result on the network on localhost using (luasocket) but wireshark doesn't capture the packets in localhost.

Thanks!

asked 09 Jun '15, 06:56

SWLuaTest's gravatar image

SWLuaTest
11225
accept rate: 100%

retagged 12 Jun '15, 06:27

izopizo's gravatar image

izopizo
2024714

The problem with loopback capture in Windows is a WinPCap issue. Hopefully it will be fixed in future WinPCap updates.

(09 Jun '15, 07:20) grahamb ♦

Yes, but before this new version (wich will fix the problem of loopback) : Is there a way to convert a string into a type "buf"?

(10 Jun '15, 02:36) SWLuaTest

One Answer:

0

For information it's now working :

local b = ByteArray.new(decipheredFrame)
local bufFrame = ByteArray.tvb(b, "My Tvb")

Those 2 lines allows me to convert my string "decipheredFrame" into a wireshark type "buffer".

answered 11 Jun '15, 00:54

SWLuaTest's gravatar image

SWLuaTest
11225
accept rate: 100%