This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

Google and Wireshark forum don’t give me exact answer on my problem that’s why decided to post this question here. I have a LUA script that parse the pcap file. In packet I have a field “gsm_map.ms.requestedInfo_element”. This field is a label and does not have the value. That’s why I would like to get the bytes from this field. Please help me to get the bytes which are connected to this field only.

Thanks in advance!

asked 26 Apr '16, 01:20

domeno's gravatar image

domeno
216611
accept rate: 0%

What does your LUA script have to do with the GSM map dissector? I assume you have gsm_map somehow encapsulated, and this LUA scripts takes care of that.

Furthermore the field you reference is a BER encoded sequence, handled by the GSM map dissector, see dissect_gsm_map_ms_RequestedInfo()

(26 Apr '16, 03:53) Jaap ♦

https://ask.wireshark.org/users/4/jaap

I use following: --we're intercepting SSN range 6-9 for GSM MAPlocal sccp_tbl = DissectorTable.get("sccp.ssn") -- get the TCAP dissector tcap_dissector = sccp_tbl:get_dissector(6) -- replace it with our proxy dissector, for the 6-9 range sccp_tbl:set("6-9", proxy)

"proxy" is my own proto with some fields which then i write to the file. Now I want to write to the file the all bytes of the field "gsm_map.ms.requestedInfo_element". I thought that LUA has a function that could show the bytes of the specified name of the field or may be position and length of bytes in the buf for specified field.

(26 Apr '16, 04:23) domeno
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×637
×431
×238
×32

question asked: 26 Apr '16, 01:20

question was seen: 2,006 times

last updated: 26 Apr '16, 04:24

p​o​w​e​r​e​d by O​S​Q​A