I am using wireshark capturing WLAN traffic with AirPcap. All traffic in WLAN network is always encrypted with WPA/WPA2. So to be able to make analysis I use wireshark to decrypt traffic. Is there way for lua dissector to access this decrypted data ? It seems that some dissector are able to access decrypted data since wireshark recognizes for example ARP messages from decrypted traffic. Or is this only possible to dissectors written in c? asked 07 Oct '11, 00:48  Sio |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
One way to get around this problem could be to output capture with tshark as hex dump, and then use text2pcap to make it again capture file. But this sounds bit too complicated.
OK, I realized I have made newbie error and did not provide enough information. My dissector is post dissector. This was because I did not want to restrict dissection to any specific port number. Since protocol I want to dissect uses user configurable port number.
If I register my dissector as udp dissector, everything works fine and my dissector dissects decrypted data. But as post dissector it does not have access to decrypted data. I am still interested is it possible to make it work as post dissector?
May be you'd provide some source code link to review for possible errors?