plugin not functioning as intended

asked 2023-02-18 17:07:22 +0000

Allan
1

I,ve been trying to use this plugin although it does show up as intended. there is no decode as prompt and no "enable" checkbox

P.S if you're wondering where I got help to set it up. it was on chatgpt and im on Mac so I can't follow the instructions on the GitHub page

edit retag flag offensive close merge delete

Comments

Can you update the question with the output of wireshark -v or Help->About Wireshark:Wireshark.
Is it possible to share a sample capture file?

Chuckc ( 2023-02-19 14:43:33 +0000 )edit

@Chuckc Here you go

Version 4.0.3 (v4.0.3-0-gc552f74cdc23).

Compiled (64-bit) using Clang 11.0.0 (clang-1100.0.33.16), with GLib 2.68.4,
with PCRE2, with zlib 1.2.11, with Qt 6.2.4, with libpcap, without POSIX
capabilities, with Lua 5.2.4, with GnuTLS 3.6.15 and PKCS #11 support, with
Gcrypt 1.8.7, with Kerberos (MIT), with MaxMind, with nghttp2 1.46.0, with
brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.9, with libsmi
0.4.8, with QtMultimedia, with automatic updates using Sparkle, with SpeexDSP
(using system library), with Minizip, with binary plugins.

Running on Mac OS X 10.16, build 21F2081 (Darwin 21.5.0), with Apple M2 (with
SSE4.2), with 8192 MB of physical memory, with GLib 2.68.4, with PCRE2 10.39
2021-10-29, with zlib 1.2.11, with Qt ...

(more)

Allan ( 2023-02-19 18:51:31 +0000 )edit

Ok. Thats current Wireshark including Lua.
Did you exit Wireshark and go back in after putting the Lua file in the Lua plugin folder?
Did you add to the Personal or Global Lua Plugin folder?

I had to exit Wireshark and go back in to have ROBLOX appear in the Decode As... ports.
There is a simple UDP capture file to test with - chargen-udp.pcap (libpcap) Chargen over UDP. - on the Wiki Sample Captures page.

"Works on my Windows 10 system" isn't much help other than to show that the dissector is functional.

Chuckc ( 2023-02-19 19:17:52 +0000 )edit

I put the folder in my personal Lua plugins folder

Allan ( 2023-02-20 17:18:11 +0000 )edit

Did you test with chargen-udp.pcap?
It's not ROBLOX but the dissector doesn't care as long as it has UDP to work with.

Chuckc ( 2023-02-20 18:05:08 +0000 )edit

see more comments

answered 2023-02-20 18:42:02 +0000

Chuckc
2968 ●6 ●600 ●20

(temporary answer to share screen shot)
It should decode as chargen with default settings but can be set to Decode As...

image description

edit flag offensive delete link

Comments

thanks. although I don't think decode as done anything as I don't see any differences in the packet data I've tried chargen and ROBLOX but the packet data is the same.

Allan ( 2023-02-20 19:00:48 +0000 )edit

Do you mean the Packet Details in the lower left pane?
Can you share the dissection layers by right clicking on Frame 1 then Copy->All Visible Items and posting here.

Chuckc ( 2023-02-20 19:15:17 +0000 )edit

Im talking about the window on the bottom right part of the screen, isnt the plugin meant to decode it?

Allan ( 2023-02-20 19:43:58 +0000 )edit

The “Packet Bytes” Pane - "The packet bytes pane shows the data of the current packet (selected in the “Packet List” pane) in a hexdump style."
The Lua plugin/dissector is going to add fields/data to the Packet Details pane.

-- Set up all possible packet fields.
local field = {}
...
    if id == ID.OPEN_CONNECTION_REQUEST_1 then
        local packet = tree:add(roblox, buf(0))
        packet:add(field.id,           buf(0,1))
        packet:add(field.magic,        buf(1,16))
        packet:add(field.proto_ver,    buf(17,1))
        packet:add(field.null_padding, buf(18)

Chuckc ( 2023-02-20 20:10:28 +0000 )edit

What kind of data?

Allan ( 2023-02-21 08:46:35 +0000 )edit

see more comments

plugin not functioning as intended

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

plugin not functioning as intended edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

plugin not functioning as intended