Reputation: 2566
Wireshark Data as ASCII
I am polling a remote oscilloscope and the answer is "almost" pure ASCII:
"Almost" because the 4-byte header 80 00 00 15 (15 is the length of the ASCII message, in this case 21 bytes) doesn't let me decode the payload as ASCII in the column Data (neither when set as Custom/data.data nor Custom/data.text):
Edit > Preferences > Protocols > Data has been already set as Show data as text
I would like to read the ASCII text as in Follow TCP Stream, where it is decoded correctly and the invalid ASCII codes changed to .:
Is there a way to remove the first 4 bytes without writing a dissector? I have no knowledge of Lua and no idea about how to write the dissector anyway: 10.3. Example: Dissector written in Lua is well above my understanding. Any pointer to a published solution that I can easily adapt is welcome.
Thank you
Upvotes: 1
Views: 6243
Answers (1)
Reputation: 2566
Following MikaS tutorial (very easy and well made!) I wrote this LUA dissector:
yokogawa_protocol = Proto("YokogawaWT3000", "Yokogawa WT3000 Protocol")
message_header0 = ProtoField.int32("yokogawa_protocol.message_header0", "messageHeader0", base.DEC)
message_header1 = ProtoField.int32("yokogawa_protocol.message_header1", "messageHeader1", base.DEC)
message_header2 = ProtoField.int32("yokogawa_protocol.message_header2", "messageHeader2", base.DEC)
message_length = ProtoField.int32("yokogawa_protocol.message_length", "messageLength", base.DEC)
message_ascii = ProtoField.string("yokogawa_protocol.message_ascii", "messageAscii", base.ASCII)
yokogawa_protocol.fields = { message_header0, message_header1, message_header2, message_length, message_ascii }
function yokogawa_protocol.dissector(buffer, pinfo, tree)
length = buffer:len()
if length == 0 then return end
pinfo.cols.protocol = yokogawa_protocol.name
local subtree = tree:add(yokogawa_protocol, buffer(), "Yokogawa WT3000 Protocol Data")
subtree:add(message_header0, buffer(0,1)) -- fixed h80
subtree:add(message_header1, buffer(1,1)) -- fixed h00
subtree:add(message_header2, buffer(2,1)) -- fixed h00
subtree:add(message_length, buffer(3,1)) -- ascii length
subtree:add(message_ascii, buffer(4, length-4)) -- ascii text
end
local tcp_port = DissectorTable.get("tcp.port")
tcp_port:add(10001, yokogawa_protocol)
Right-click on messageAscii, then "Apply as Column", let me see the decoded value for each message in a new column.
Thanks everybody
Upvotes: 1
Related Questions
- Convert Userdata to hex in Wireshark Dissector
- lua tables - string representation
- Lua - Display field ASCII Dissector
- Converting HEX to ASCII in Lua Dissector
- Converting bytes to table in Lua doesn't work in 5.2.4
- Wireshark dissector in Lua - userdata
- Conversion of sequence of bytes to ASCII string in lua
- wireshark lua dissector to get uncompressed entity body
- How to convert data from packet to integer in Wireshark using a Lua Dissector?
- Wireshark Dissector in Lua