Wireshark-dev: Re: [Wireshark-dev] Listener (Tap) in Lua to write SSL cert bytes

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Rion Carter <rion@xxxxxxxxxx>
Date: Fri, 24 May 2013 17:23:55
Thank you for the tip, I've learned something new.

Rion

Sent from my BlackBerry 10 smartphone.

From: Evan Huus
Sent: Friday, May 24, 2013 10:49 PM
To: Developer support list for Wireshark
Reply To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Listener (Tap) in Lua to write SSL cert bytes

On Fri, May 24, 2013 at 12:08 PM, Rion Carter <rion@xxxxxxxxxx> wrote:
When I look at the capture in the UI I see this:

Secure Sockets Layer
-TLSv1 Record Layer: Handshake Protocol: Certificate
--Content Type: Handshake (22)
--Version: TLS 1.0 (0x0301)
--Length: 1295
--Handshake Protocol: Certificate
----Handshake Type: Certificate (11)
----Length: 1291
----Certificates Length: 1288
----Certificates (1288 bytes) 
------Certificate Length: 1285
------Certificate (...)

It is the 'Certificate' field that contains what I need. When I try Field.New("certificate") in my Lua script I get a message of "A field with this name must exist".

If you select the field then look in the status-bar at the bottom that will give you the field name (looks like ssl.handshake.certificate was right the first time).

It sounds like you don't want the value of the field, but the raw packet bytes that the field was extracted from. I'm not sure how to do that in Lua, hopefully somebody else will.

Evan

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe