Wireshark mailing list archives
Save extracted data from reassembled packets
From: Peter Smith <psmith135 () gmail com>
Date: Sun, 21 Feb 2010 21:00:26 +0200
Hi,
I need to extract reassembled packet data in wireshark and either save it to
file or better pass it over stdout to another program. In the latter case I
guess it has to be converted to hex string for safe piping.
I have the following code to get the reassembled WSP payload out of packet
in wireshark
===================================
wsp_extractor = Field.new("wsp")
tap = Listener.new(nil,"wsp")
function tap.packet(pinfo,tvb)
local wsp_pdu = wsp_extractor().range
if wsp_pdu then
print(tostring(wsp_pdu))
end
end
===================================
If the reassembled data comes from several packets I get the following
error:
tshark: Lua: on packet 164 Error During execution of Listener Packet
Callback:
expired tvb
If the extracted data is contained within one packet I get a truncated
string:
8C849832333931423513363030406D6D732E6D74732E6279...
Apparently it should be a straightforward task but I am probably missing
something... What am I doing wrong here?
Thanks.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Save extracted data from reassembled packets Peter Smith (Feb 21)
- Re: Save extracted data from reassembled packets varname (Feb 22)
- Re: Save extracted data from reassembled packets Peter Smith (Feb 22)
- Re: Save extracted data from reassembled packets Peter Smith (Feb 22)
- Re: Save extracted data from reassembled packets Beth (Feb 22)
- Re: Save extracted data from reassembled packets Peter Smith (Feb 22)
- Re: Save extracted data from reassembled packets Peter Smith (Feb 22)
- Re: Save extracted data from reassembled packets varname (Feb 22)
- Re: Save extracted data from reassembled packets Peter Smith (Feb 23)