LUA script how to get all IPs from DNS.A (dns answer)

asked 2018-10-12 17:58:38 +0000

kermit


In short, this produces correct result: tshark -r dns_google.pcap -Y dns.a -T fields -e dns.a -e

result: ",,,"

but in case of LUA script (pseudo-code, executed by "tshark -X luascript:hello.lua -r dnsgoogle.pcap -q -2"), this outputs only first IP:

local dnstest ="dns.a") print("DNS.A = ", dnstest().value)

result: DNS.A = (rest of IPs missing)

So my question is how to display all DNS.A IPs in LUA? Thanks

answered 2018-10-12 18:22:08 +0000

cmaynard

updated 2018-10-13 08:16:02 +0000

Guy Harris

Please refer to the answer to this question on the old Q&A site. Basically, and I quote, "The key is that if there may be multiple values, one must use a lua table as { dns_name() } instead of the singular dns_name()."

dunno if i'm missing something but the dns_name() provides only multiple dns name answers, where I need IP addresses for those answers. I've tried to use "dns.a" (instead of "") but it doesn't work. Any ideas? Thanks.

kermit ( 2018-10-13 09:10:53 +0000 )

The point was that you need to use a Lua table to process multiple values, not that you should use the field. If it's not working with dns.a, then maybe you could share your Lua code?

cmaynard ( 2018-10-14 15:50:46 +0000 )

Asked: 2018-10-12 17:58:38 +0000

