Save to your "Personal Lua Plugins" folder as a ".lua" file.
-- 241222_data_strings.lua - change non-printable data.data characters to "."
-- Based on EASYPOST.lua
-- Step 1 - document as you go. See header above and set_plugin_info().
local easypost_info =
{
version = "1.0.0",
author = "Good Coder",
description = "Important EASYPOST stuff",
repository = "Floppy in top drawer"
}
set_plugin_info(easypost_info)
-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost","Important EASYPOST Protocol")
-- Step 3 - add some field(s) to Step 2 protocol
local pf = { payload = ProtoField.string("easypost.payload", "EASYPOST string") }
easypost_p.fields = pf
-- Step 4 - create a Field extractor to copy packet field data.
easypost_payload_f = Field.new("data.data")
-- Step 5 - create the postdissector function that will run on each frame/packet
function easypost_p.dissector(tvb,pinfo,tree)
local subtree = nil
-- copy existing field(s) into table for processing
finfo = { easypost_payload_f() }
if (#finfo > 0) then
if not subtree then
subtree = tree:add(easypost_p)
end
for k, v in pairs(finfo) do
-- process data and add results to the tree
local field_data = v.range:bytes():raw()
local field_str = string.gsub(field_data, '[%z]', ".")
subtree:add(pf.payload, field_str)
end
end
end
-- Step 6 - register the new protocol as a postdissector
register_postdissector(easypost_p)
Frame 1: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface Fake IF, Import from Hex Dump, id 0
Ethernet II, Src: Send_00 (20:53:45:4e:44:00), Dst: Receive_00 (20:52:45:43:56:00)
Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.2.2.2
User Datagram Protocol, Src Port: 1234, Dst Port: 0
Data (59 bytes)
Data: 370000000353454c45435420416472657373652c20474b2046524f4d206175737765697364617465692057484552452041647265737365203d2039
[Length: 59]
Important EASYPOST Protocol
EASYPOST string: 7...\x03SELECT Adresse, GK FROM ausweisdatei WHERE Adresse = 9
Is this something you want from the gui or would like to script with tshark?
In the end I just want to have the data as text. In the gui as a new row would be nice but having this as a csv file generated through a script would also be sufficient. Right now I just export the data as csv and convert it in a hex editor to text. It would help a lot if this would work inside of wireshark.