I'm working on a wireshark dissector and I have a part of my dissector that uses a C#.net dll. The objective is to decipher (this is done by the dll) a part of the frame captured by wireshark and to dissect the deciphered frame. The problem is that all my dissectors functions uses a parameter called "buffer" which has a "userdata" type coming from Wireshark, and my dll returns a string.
Example of function :
Is there a way to convert the string into a userdata ? So I can use my functions to dissect the string coming from the dll?
I tried to modify the dll to return a byte type (instead of a string) but I was not able to use this variable like "buffer".
I also tried to send back my string result on the network on localhost using (luasocket) but wireshark doesn't capture the packets in localhost.
asked 09 Jun '15, 06:56
retagged 12 Jun '15, 06:27
For information it's now working :
Those 2 lines allows me to convert my string "decipheredFrame" into a wireshark type "buffer".
answered 11 Jun '15, 00:54
The problem with loopback capture in Windows is a WinPCap issue. Hopefully it will be fixed in future WinPCap updates.
Yes, but before this new version (wich will fix the problem of loopback) : Is there a way to convert a string into a type "buf"?