how to get right filter for private protocol decoded by lua plugin

asked 2024-04-11 15:20:29 +0000

navahoo

I used a Lua plugin to decode a private protocol packet. The special part is that there are multiple data packets in one UDP packet, such as [PrivatePacket 1] [PrivatePacket 2] [PrivatePacket 3]. Thanks to the Lua plugin, these can be decoded in Wireshark.

But when I use the filter function, the right packet can't be displayed. For example, I want to use "field1 == A && field2 == B" as the filter, and a lot of packets are filtered, because if field1 == A is in any of [PrivatePacket 1] [PrivatePacket 2] [PrivatePacket 3] and field2 == B is in any of [PrivatePacket 1] [PrivatePacket 2] [PrivatePacket 3], this UDP packet will be treated as filtered. So how can I solve this to get the right filter?

1 Answer

answered 2024-04-11 15:53:23 +0000

Chuckc

Similar to "How to filter by item?"

You could modify the Lua code to add another field (possibly hidden) to use for searching.

If there are just a few PrivatePackets per UDP packet, implementing the Display Filter Macro may be quicker.

You might want to make a display filter macro for it like

macro name: PPfields

macro expression: (PrivatePacket.field1[1]==$1 and PrivatePacket.field2[1]==$2) or (PrivatePacket.field1[2]==$1 and PrivatePacket.field2[2]==$2) or (PrivatePacket.field1[3]==$1 and PrivatePacket.field2[3]==$2) or (PrivatePacket.field1[4]==$1 and PrivatePacket.field2[4]==$2)
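One way to implement the extra (hidden) search field suggested in the answer above, as an added example that is not the asker's plugin or code from the answer. The per-packet layout (1-byte length, 1-byte field1, 1-byte field2, payload), the `privatepacket.*` field names and the UDP port are assumptions made for illustration.

```lua
-- Added example: hypothetical sub-packet layout, not the asker's real protocol.
-- Assumed layout per PrivatePacket: [len:1][field1:1][field2:1][payload:len-3]
local pp = Proto("privatepacket", "Private Packet (example)")

local f_len    = ProtoField.uint8("privatepacket.len", "Length", base.DEC)
local f_field1 = ProtoField.uint8("privatepacket.field1", "Field 1", base.DEC)
local f_field2 = ProtoField.uint8("privatepacket.field2", "Field 2", base.DEC)
-- Extra search-only field: field1 and field2 of the SAME sub-packet, joined.
local f_pair   = ProtoField.string("privatepacket.pair", "field1:field2 pair")

pp.fields = { f_len, f_field1, f_field2, f_pair }

local HEADER_LEN = 3

function pp.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "PRIVATE"
    local offset, index = 0, 0
    while tvb:len() - offset >= HEADER_LEN do
        local len = tvb(offset, 1):uint()
        -- Stop on a malformed length instead of looping forever or reading past the end.
        if len < HEADER_LEN or offset + len > tvb:len() then
            tree:add_expert_info(PI_MALFORMED, PI_ERROR, "bad PrivatePacket length")
            break
        end
        index = index + 1
        local sub = tree:add(pp, tvb(offset, len), "PrivatePacket " .. index)
        sub:add(f_len, tvb(offset, 1))
        sub:add(f_field1, tvb(offset + 1, 1))
        sub:add(f_field2, tvb(offset + 2, 1))
        -- One pair value per sub-packet, so a match means both values sit together.
        local pair = string.format("%d:%d",
            tvb(offset + 1, 1):uint(), tvb(offset + 2, 1):uint())
        sub:add(f_pair, tvb(offset + 1, 2), pair):set_hidden()
        offset = offset + len
    end
    return offset
end

DissectorTable.get("udp.port"):add(40000, pp)  -- constructed port number
```

With this loaded, the display filter `privatepacket.pair == "10:20"` matches a UDP packet only when a single PrivatePacket inside it carries field1 == 10 and field2 == 20, unlike `field1 == 10 && field2 == 20`, which matches when the two values appear in different sub-packets.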

Stats

Asked: 2024-04-11 15:20:29 +0000

Seen: 123 times

Last updated: Apr 11