Lua dissector - data from subtree isn't displayed

asked 2019-01-10 09:44:24 +0000

BMWE


I've generated a Lua dissector as shown below. However, in Wireshark, I see that the Status value is 0xF1000000 but the Element1 value is 0 instead of 1.

Where am I wrong, and how do I fix it?

f.structureName_elementName1 = ProtoField.uint32("c.structureName.elementName", "Element1", base.dec, FAIL_OK, 0x8000000)
f.Status = ProtoField.new("Status", "c.Status", ftypes.BYTES)

local Status_subtree = subtree:add_le(f.Status, buffer(100,4))
Status_subtree:add_le(f.structureName_elementName1, buffer(100,4))

1 Answer


answered 2019-01-10 14:57:01 +0000

cmaynard

I'm assuming that the least significant bit of the 4 bytes of the status field in little-endian byte order is the Element1 field?

If that's the case, try changing the mask to isolate the least significant bit instead of the most significant bit, e.g.:

f.structureName_elementName1 = ProtoField.uint32("c.structureName.elementName", "Element1", base.dec, FAIL_OK, 0x0000001)


This is Motorola format - big-endian.

When I used it (by mistake) with little endian, the value was assigned, but to the wrong element.

BMWE ( 2019-01-10 19:52:09 +0000 )

OK, so presumably you meant to write the following and once you changed it the problem was solved?

Status_subtree:add(f.structureName_elementName1, buffer(100,4))
cmaynard ( 2019-01-10 22:14:38 +0000 )

Thank you! Issue solved.

BMWE ( 2019-01-13 06:21:52 +0000 )
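A minimal dissector illustrating the point resolved in the comments above, as an added example that is not code from the thread: a bitmask field is applied to the integer after it has been read in the byte order implied by add() or add_le(), so the same mask selects a different wire bit in each case. The protocol name "statusdemo", UDP port 9999, offset 0, and the flag names and masks are assumptions made for illustration.

```lua
-- Added example: constructed protocol, not the asker's dissector.
local demo = Proto("statusdemo", "Status Bitfield Demo")

local flag_vals = { [0] = "Clear", [1] = "Set" }

-- One 32-bit status word plus two single-bit flags carved out of it by mask.
local f_status = ProtoField.uint32("statusdemo.status", "Status", base.HEX)
local f_msb = ProtoField.uint32("statusdemo.status.msb", "MSB flag",
                                base.DEC, flag_vals, 0x80000000)
local f_lsb = ProtoField.uint32("statusdemo.status.lsb", "LSB flag",
                                base.DEC, flag_vals, 0x00000001)
demo.fields = { f_status, f_msb, f_lsb }

function demo.dissector(buffer, pinfo, tree)
    -- Refuse short packets instead of reading past the end of the buffer.
    if buffer:len() < 4 then return 0 end
    pinfo.cols.protocol = "STATUSDEMO"

    local range = buffer(0, 4)
    local subtree = tree:add(demo, range)

    -- Big-endian ("Motorola") wire format: add() reads the first byte on
    -- the wire as the most significant one, so mask 0x80000000 selects the
    -- top bit of that first byte.
    local status = subtree:add(f_status, range)
    status:add(f_msb, range)
    status:add(f_lsb, range)

    -- Same bytes read with add_le(): the first wire byte becomes the least
    -- significant one, so mask 0x00000001 now lands in that byte and mask
    -- 0x80000000 lands in the last wire byte. This is the "assigned to the
    -- wrong element" effect described in the comments.
    local swapped = subtree:add_le(f_status, range)
    swapped:append_text(" (little-endian reading, for comparison)")
    swapped:add_le(f_msb, range)
    swapped:add_le(f_lsb, range)

    return 4
end

DissectorTable.get("udp.port"):add(9999, demo)
```

Loading this as a plugin and opening a capture with a payload beginning F1 00 00 00 lets the two readings be compared side by side in the packet details pane.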


Asked: 2019-01-10 09:44:24 +0000

Seen: 28 times

Last updated: Jan 10