This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to get byte value of the specified field?


Hi,

Google and the Wireshark forum don't give me an exact answer to my problem, which is why I decided to post this question here. I have a Lua script that parses the pcap file. In the packet I have a field "gsm_map.ms.requestedInfo_element". This field is a label and does not have a value. That's why I would like to get the bytes from this field. Please help me to get the bytes which are connected to this field only.

Thanks in advance!

asked 26 Apr '16, 01:20


domeno

What does your Lua script have to do with the GSM map dissector? I assume you have gsm_map somehow encapsulated, and this Lua script takes care of that.

Furthermore, the field you reference is a BER-encoded sequence, handled by the GSM map dissector; see dissect_gsm_map_ms_RequestedInfo().

(26 Apr '16, 03:53) Jaap ♦


I use the following:

    -- we're intercepting SSN range 6-9 for GSM MAP
    local sccp_tbl = DissectorTable.get("sccp.ssn")
    -- get the TCAP dissector
    tcap_dissector = sccp_tbl:get_dissector(6)
    -- replace it with our proxy dissector, for the 6-9 range
    sccp_tbl:set("6-9", proxy)

"proxy" is my own proto with some fields which I then write to the file. Now I want to write to the file all the bytes of the field "gsm_map.ms.requestedInfo_element". I thought that Lua has a function that could show the bytes of the specified name of the field, or maybe the position and length of the bytes in the buf for the specified field.

(26 Apr '16, 04:23) domeno