This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am using wireshark capturing WLAN traffic with AirPcap. All traffic in WLAN network is always encrypted with WPA/WPA2. So to be able to make analysis I use wireshark to decrypt traffic. Is there way for lua dissector to access this decrypted data ?

It seems that some dissector are able to access decrypted data since wireshark recognizes for example ARP messages from decrypted traffic. Or is this only possible to dissectors written in c?

asked 07 Oct '11, 00:48

Sio's gravatar image

Sio
1111
accept rate: 0%

One way to get around this problem could be to output capture with tshark as hex dump, and then use text2pcap to make it again capture file. But this sounds bit too complicated.

(10 Oct '11, 04:44) Sio

OK, I realized I have made newbie error and did not provide enough information. My dissector is post dissector. This was because I did not want to restrict dissection to any specific port number. Since protocol I want to dissect uses user configurable port number.

If I register my dissector as udp dissector, everything works fine and my dissector dissects decrypted data. But as post dissector it does not have access to decrypted data. I am still interested is it possible to make it work as post dissector?

(10 Oct '11, 06:27) Sio

May be you'd provide some source code link to review for possible errors?

(08 Nov '11, 20:23) ShomeaX
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×637
×431
×165

question asked: 07 Oct '11, 00:48

question was seen: 2,679 times

last updated: 08 Nov '11, 20:23

p​o​w​e​r​e​d by O​S​Q​A