This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Retrieve hex values in Lua

0

I'm extracting values from PDML output of TShark like wlan_mgt.ssid, and I'd like to change to Lua for efficiency issues.

For the moment, I get the hex value in case there're weird ASCII characters, directly from the PDML:

<field name="wlan_mgt.ssid" showname="SSID: Livebox-6325" size="12" pos="63" show="Livebox-6325" value="4c697665626f782d36333235"/>

From the few tests I've made with Lua and the Packet Tree in https://wiki.wireshark.org/Lua/Examples#View_Packet_Tree_of_Fields.2FFieldInfo, I can only get the ASCII version of the SSID, not the hexa version.

-> Is there an easy way to get the hexa version of wlan_mgt.ssid in Lua? (If you have a short piece of code, I'll take it, I've no idea where to start.)
-> Or does the dissector not have the hexa info, only the ASCII, so that I have to take the whole hexa and find the offset?

asked 24 Jun '15, 14:25

TomLaBaude


One Answer:

0

The "string" you're getting is a Lua string, so you can convert it to a string of hex characters by either (1) writing a function to do so in Lua, or (2) if you're running Wireshark 1.12, then use the built-in Struct.tohex() function, for example:

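-- myfield is assumed to be a FieldInfo (e.g. the result of calling a Field extractor)
local orig = myfield.value   -- .value is an attribute, not a method
local hex_orig = Struct.tohex(orig)
print("The hex version of my orig string = " .. hex_orig)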

The full function with other options is documented here: API doc for Struct in section 11.13.1.5.

answered 24 Jun '15, 15:04

Hadriel

It doesn't work when the string is weird, for example with the original hexa "6b6576696ee2809973206950686f6e6520"; the string value is "kevin���s iPhone".

I can't retrieve the original hex version, instead I get "6B6576696EEFBFBDEFBFBDEFBFBD73206950686F6E6520"

(24 Jun '15, 23:42) TomLaBaude

How exactly are you retrieving it? Can you paste a code snippet?

(26 Jun '15, 07:22) Hadriel
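
Added example (not code from the thread or from the Wireshark project): a tap script that hex-encodes the bytes the field covers in the packet, taken from the FieldInfo's range, next to the hex of the decoded string value. EFBFBD, seen in the comment above, is the UTF-8 encoding of U+FFFD, the replacement character, so hex computed from the decoded string no longer matches the packet bytes. It assumes a Wireshark build that has ByteArray:tohex() and Struct.tohex() (1.12 or later) and the field name used on this page; the script and capture file names are placeholders.

```lua
-- Added example, not from the original thread.
-- Run with: tshark -r capture.pcap -X lua_script:ssid_hex.lua -q
-- (capture.pcap and ssid_hex.lua are placeholder names)

-- Field name as used on this page; later Wireshark releases use
-- "wlan.ssid", and Field.new() raises an error for an unknown name.
local SSID_FIELD = "wlan_mgt.ssid"
local ssid = Field.new(SSID_FIELD)

-- Only frames that carry the field reach tap.packet().
local tap = Listener.new("frame", SSID_FIELD)

function tap.packet(pinfo, tvb)
    -- Calling the extractor returns one FieldInfo per occurrence in the frame.
    for _, finfo in ipairs({ ssid() }) do
        if finfo.len > 0 then
            -- finfo.range is the TvbRange over the field's bytes in the packet,
            -- so this is the same data PDML shows in value="...".
            local raw_hex = finfo.range:bytes():tohex(true)   -- true = lowercase

            -- finfo.value is the dissector's decoded string; bytes it could
            -- not display have already been replaced by the time Lua sees it.
            local decoded = tostring(finfo.value)
            local decoded_hex = Struct.tohex(decoded, true)

            print(string.format("frame %d  raw=%s  decoded=%s%s",
                pinfo.number, raw_hex, decoded_hex,
                raw_hex == decoded_hex and "" or "  (decoded differs from raw)"))
        else
            -- Zero-length SSID (wildcard probe request): no bytes to encode.
            print(string.format("frame %d  raw=<empty>", pinfo.number))
        end
    end
end
```

For log pipelines that key on SSID, store the raw hex rather than the decoded string, so that non-ASCII or malformed names stay distinguishable.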