
LUA script how to get all IPs from DNS.A (dns answer)

asked 2018-10-12 17:58:38 +0000

kermit


In short, this produces correct result: tshark -r dns_google.pcap -Y dns.a -T fields -e dns.a -e

result: ",,,"

but in case of LUA script (pseudo-code, executed by "tshark -X luascript:hello.lua -r dnsgoogle.pcap -q -2"), this outputs only first IP:

local dnstest = Field.new("dns.a")
-- dnstest().value reads only the first returned FieldInfo
print("DNS.A = ", dnstest().value)

result: DNS.A = (rest of IPs missing)

So my question is how to display all DNS.A IPs in LUA? Thanks


1 Answer


answered 2018-10-12 18:22:08 +0000

cmaynard

updated 2018-10-13 08:16:02 +0000

Guy Harris

Please refer to the answer to this question on the old Q&A site. Basically, and I quote, "The key is that if there may be multiple values, one must use a lua table as { dns_name() } instead of the singular dns_name()."



Dunno if I'm missing something, but the dns_name() provides only multiple DNS name answers, where I need IP addresses for those answers. I've tried to use "dns.a" (instead of "") but it doesn't work. Any ideas? Thanks.

kermit ( 2018-10-13 09:10:53 +0000 )

The point was that you need to use a Lua table to process multiple values, not that you should use the field. If it's not working with dns.a, then maybe you could share your Lua code?

cmaynard ( 2018-10-14 15:50:46 +0000 )
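The table idiom quoted in the answer, applied to dns.a inside a tap listener, as an added example that is not part of the original thread. The script name dns_a_all.lua, the use of dns.qry.name for context, and the output format are assumptions of this example.

```lua
-- dns_a_all.lua (hypothetical file name), loaded with tshark's -X lua_script: option, e.g.
--   tshark -X lua_script:dns_a_all.lua -r dnsgoogle.pcap -q

-- Field extractors have to be created at load time, before packets are dissected.
local dns_a     = Field.new("dns.a")          -- one occurrence per A record in the response
local dns_qname = Field.new("dns.qry.name")   -- query name, printed for context

-- Only call the listener for packets that carry at least one A record.
local tap = Listener.new(nil, "dns.a")

local seen = {}   -- address string -> number of A records that contained it

function tap.packet(pinfo, tvb)
    -- Calling an extractor returns one FieldInfo per occurrence.
    -- dns_a().value is truncated to the first return value;
    -- { dns_a() } captures every occurrence in a Lua table.
    local answers = { dns_a() }
    local ips = {}
    for i, finfo in ipairs(answers) do
        local ip = tostring(finfo.value)      -- .value is an Address for IPv4 fields
        ips[i] = ip
        seen[ip] = (seen[ip] or 0) + 1
    end

    -- The same rule applies to the query name: take the table, then pick the first entry.
    local names = { dns_qname() }
    local qname = names[1] and tostring(names[1].value) or "?"

    print(string.format("frame %d %s DNS.A = %s",
                        pinfo.number, qname, table.concat(ips, ",")))
end

-- Called once at the end of the capture file: summary of every address seen.
function tap.draw()
    for ip, count in pairs(seen) do
        print(string.format("%-15s %d", ip, count))
    end
end
```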


Asked: 2018-10-12 17:58:38 +0000

Seen: 812 times

Last updated: Oct 13 '18