Re: DBus dissector in lua

[Peter Wu <peter () lekensteyn nl>]

Hi Maik,

On Mon, May 18, 2020 at 03:20:14PM +0200, Maik Scholz wrote:
> Hi,
>
> i like to implement a dissector for DBus messages read from pcap file.
> Is this possible?

A DBus dissector already exists. If your libpcap library is built with
DBus support, you can capture such traffic. This is the case on Arch
Linux, but not Ubuntu 20.04 for example.

> If yes, do you have got a short example?
>
> I like to filter for some specific interface id.

You can try a display filter such as:

    dbus.value.str == "org.freedesktop.DBus"

Unfortunately the dissector does not have separate field for matching an
interface specifically, but this should hopefully be good enough.
Alternatively, you can select the "Header Field: INTERFACE" field,
open a context menu and use "Prepare as Filter". Then change the begin
"frame[..:..] ==" to something like:

    dbus contains 02:01:73:00:14:00:00:00:6f:72:67:2e:...

This will match the literal byte pattern representing this interface
match. For more details about this filter, see
https://www.wireshark.org/docs/man-pages/wireshark-filter.html
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe