Ask Your Question
0

LUA script how to get all IPs from DNS.A (dns answer)

asked 2018-10-12 17:58:38 +0000

kermit gravatar image

Hello,

In short, this produces correct result: tshark -r dns_google.pcap -Y dns.a -T fields -e dns.a -e dns.qry.name

result: "172.217.16.46,172.217.20.174,172.217.20.206,216.58.215.78 youtube-ui.l.google.com"

but in case of LUA script (pseudo-code, executed by "tshark -X luascript:hello.lua -r dnsgoogle.pcap -q -2"), this outputs only first IP:

local dnstest = Field.new("dns.a") print("DNS.A = ", dnstest().value)

result: DNS.A = 172.217.16.46 (rest of IPs missing)

So my question is how to display all DNS.A IPs in LUA? Thanks

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-10-12 18:22:08 +0000

cmaynard gravatar image

updated 2018-10-13 08:16:02 +0000

Guy Harris gravatar image

Please refer to the answer to this question on the old Q&A site. Basically, and I quote, "The key is that if there may be multiple values, one must use a lua table as { dns_name() } instead of the singular dns_name()."

edit flag offensive delete link more

Comments

dunno if i'm missing something but the dns_name() provides only multiple dns name answers, where I need IP addresses for those answers. I've tried to use "dns.a" (instead of "dns.resp.name") but it doesn't work. Any ideas? Thanks.

kermit gravatar imagekermit ( 2018-10-13 09:10:53 +0000 )edit

The point was that you need to use a Lua table to process multiple values, not that you should use the dns.resp.name field. If it's not working with dns.a, then maybe you could share your Lua code?

cmaynard gravatar imagecmaynard ( 2018-10-14 15:50:46 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-10-12 17:58:38 +0000

Seen: 48 times

Last updated: Oct 13