Can't get ZCL cluster ID with Lua dissector
I have specific data in the payload of a ZCL message, for which I want the (decoded) data to be shown in the packet detail pane.
My dissector is as follows:

    -- create a new dissector
    local NAME = "LM_FCC0"
    local CID = 0xFCC0  -- ZCL cluster ID to register for
    local LM_FCC0 = Proto(NAME, "lm 0xFCC0 Protocol")

    -- dissect packet
    function LM_FCC0.dissector(tvb, pinfo, tree)
        pinfo.cols.protocol = LM_FCC0.name
        -- Column objects use prepend(); prepend_text() is a TreeItem method
        pinfo.cols.info:prepend(" LM Info")
        local subtree = tree:add(LM_FCC0, tvb())
        local length = tvb:len()
        subtree:append_text(", length:" .. length)
    end

    -- register the dissector in the ZCL cluster table
    DissectorTable.get("zbee.zcl.cluster"):add(CID, LM_FCC0)

When I load the dissector, I can find it in View -> Internals -> Dissector Tables, but the dissector doesn't work.
Could somebody please tell me what my mistake is?
Edit:
The attachment is my sniffer log. You can find 0xFCC0 on line 642.
I can't upload the attachment, so I put it on GitHub. The repository address is as follows: https://github.com/Huihh/problem
Are you sure the CID value is correct for your traffic? Can you share a sample capture?
The ZigBee traffic is encrypted so without the keying info there's not much to look at.
Sorry, the nwkKey is: 56:E3:CC:61:B2:8F:88:ED:CE:FB:04:39:AA:27:40:45
Sorry, the capture was converted by Ubiqua. The data is encrypted on another computer here.
I will capture it tomorrow using Wireshark.
Thank you for your reply.
Hi grahamb,
This problem may not be caused by encryption. I used Wireshark to re-capture a new sample capture, and it doesn't work.
The files (packetNum232_0xFCC0_20200624.pcapng and packetNum232_0xFCC0_PacketInfo.pdf) have been updated on GitHub.
If you are free, can you help me check it?
thx