can't get ZCL cluster id with LUA dissector

asked 2020-06-23 10:38:58 +0000

updated 2020-06-23 12:56:25 +0000

grahamb gravatar image

I have specific data in the payload of a ZCL message, for which I want the (decoded) data to be shown in the packet detail pane.

My dissector as follow:

-- create a new dissector
local NAME = "LM_FCC0"
local CID = 0xFCC0
local LM_FCC0 = Proto(NAME, "lm 0xFCC0 Protocol")

-- dissect packet
function LM_FCC0.dissector (tvb, pinfo, tree)
  pinfo.cols.protocol =" LM Info")enter code here

  local subtree = tree:add(LM_FCC0, tvb())
  length = tvb:len()
  subtree:append_text(", length:" .. length)

DissectorTable.get("zbee.zcl.cluster"):add(CID, LM_FCC0)

when I loaded the dissector, I can find it in the View -> Internals -> Dissector Tables, but the dissector isn't work.

Somebody please guide me what is my mistake?


the attachment is my sniffer log. you can find the 0xFCC0 in the 642 line

I can't upload the attachment. I put the attachment on GitHub. The depositary address is as follows:

edit retag flag offensive close merge delete


Are you sure the CID value is correct for your traffic? Can you share a sample capture?

grahamb gravatar imagegrahamb ( 2020-06-23 11:00:06 +0000 )edit

The ZigBee traffic is encrypted so without the keying info there's not much to look at.

grahamb gravatar imagegrahamb ( 2020-06-23 13:07:19 +0000 )edit

sorry,nwkKey is : 56:E3:CC:61:B2:8F:88:ED:CE:FB:04:39:AA:27:40:45 gravatar image[email protected] ( 2020-06-23 14:44:45 +0000 )edit

sorry, the capture is converted by uibiqua,The data is encrypted on another computer in here.

I will capture it tomorrow using wireshark.

Thank you for you reply. gravatar image[email protected] ( 2020-06-23 15:04:15 +0000 )edit

Hi grahamb,

This problem may not be caused by encryption. I used wireshark to re-capture a new sample capture, it isn't work.

the files(packetNum232_0xFCC0_20200624.pcapng and packetNum232_0xFCC0_PacketInfo.pdf) has been updated to github.

If you are free, can you help me to check it?

thx gravatar image[email protected] ( 2020-06-24 06:15:09 +0000 )edit