Hi there,
I'm trying to write my first Lua dissector for Wireshark. I have a
really simple dissector set up which I attached below. It populates the
data tree alright, but I would like to be able to search on the field I
defined, wc.packetid. wc.packetid shows up as a searchable type in the
expression field, but doesn't seem to be populated. Could someone tell
me what I'm missing?
Thanks!
Rob Y
-- trivial protocol example
-- declare our protocol
trivial_proto = Proto("WC","WC Protocol")
-- create a function to dissect it
xdPacketFieldProto = ProtoField.uint32("wc.packetid", "Packet ID")
trivial_proto.fields = {wcPacketFieldProto}
function trivial_proto.dissector(buffer,pinfo,tree)
    pinfo.cols.protocol = "XC"
    local subtree = tree:add(trivial_proto,buffer(),"WC Protocol")
    subtree:add(ProtoField.uint32("xd.packetid", "Packet ID"),"Protocol Type is: " .. buffer(15,1):uint())
end
-- load the udp.port table
udp_table = DissectorTable.get("udp.port")
-- register our protocol to handle udp port 21230
udp_table:add(21230,trivial_proto)
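
Added example, not part of the original post: in the script above the field is created as xdPacketFieldProto but the fields table lists wcPacketFieldProto, and the tree is given a second, unregistered ProtoField together with a text label instead of a buffer range. The sketch below registers one field object and adds that same object with the range it covers. The names wc_proto, f_packetid, ID_OFFSET and ID_LEN are illustrative; the port and the buffer(15,1) offset are taken from the post.

```lua
-- Added example (not the poster's code); variable names are illustrative.
local wc_proto = Proto("WC", "WC Protocol")

-- Create the field once and keep a reference to it.
local f_packetid = ProtoField.uint32("wc.packetid", "Packet ID", base.DEC)

-- Register that same object: only fields listed here are populated
-- for display filters.
wc_proto.fields = { f_packetid }

-- Offset and length of the value, from buffer(15,1) in the post.
local ID_OFFSET, ID_LEN = 15, 1

function wc_proto.dissector(buffer, pinfo, tree)
    -- Packets are untrusted input: check the length before indexing,
    -- otherwise a short datagram raises a Lua error in the dissector.
    if buffer:len() < ID_OFFSET + ID_LEN then
        return 0  -- too short; report the packet as not handled
    end

    pinfo.cols.protocol = "WC"
    local subtree = tree:add(wc_proto, buffer(), "WC Protocol")

    -- Pass the registered field and the byte range it covers, so the
    -- value is attached to wc.packetid and highlighted in the hex pane.
    local range = buffer(ID_OFFSET, ID_LEN)
    subtree:add(f_packetid, range, range:uint())

    return buffer:len()
end

-- Register the protocol for UDP port 21230, as in the post.
DissectorTable.get("udp.port"):add(21230, wc_proto)
```

With this loaded, a display filter on wc.packetid (for example wc.packetid == 5, a constructed value) matches packets whose byte at offset 15 has that value.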