Hi, i´am nearly ready with my own dissector. At least i want to colorize my the table-row from a mailformed frame.

How can i do this?

actual Error Routine:

    local Frame_OK = 1
if buffer:len() < 10 then 
      Frame_OK = 0 
      TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "ERROR - payload Length < 10 bytes!" )
if Frame_OK == 1 then
      if not (buffer(0,1):uint() == 91)  
         or not (buffer(8,1):uint() == 124) 
         or not (buffer(buffer:len()-1,1):uint() == 93) then   
        Frame_OK = 0 
        TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "ERROR - identifyer mismatch! " )   
    if Frame_OK == 1 then
      TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "OK" ) 

thanks for your help... Pfanne

asked 09 Jun '11, 12:31

Pfanne's gravatar image

accept rate: 0%

retagged 10 Jun '11, 18:18

helloworld's gravatar image


You can use the expert system to mark the malformed part of the frame. See epan/expert.h. The severity of the expert message will determine it's color. In case of a malformed PDU, the proper group would be "PI_MALFORMED" with severity "Error".

See also: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvExpert.html


answered 09 Jun '11, 13:18

SYN-bit's gravatar image

SYN-bit ♦♦
accept rate: 20%

edited 09 Jun '11, 13:18

Oops, I just noticed that you use LUA, I'm not sure the LUA-API does include the expert info stuff too... Maybe someone else can answer that...

(09 Jun '11, 13:19) SYN-bit ♦♦

Hi, thank´s for your fast answers.

I have seen your links also bevor, my problem ist the lua-syntax. Can you give me a specific hint in my code?

(09 Jun '11, 13:25) Pfanne

You should be able to use the Lua "set_expert_flags" or "add_expert_info" methods on a Treeitem; see the Lua API entry for Treeitem.

(09 Jun '11, 13:35) Guy Harris ♦♦
TreeNode = TreeNode_E1:add_expert_info(PI_MALFORMED, PI_ERROR, "identifyer mismatch!")

that´s it, very usefull hint!, thank´s Guy Harris.

My UDP-Command-dissactor is ready!!!

Thank´s to all people who help me.

Greets from Hamburg Pfanne

(10 Jun '11, 10:01) Pfanne

You colorize packets by adding a color rule that matches something you put into the protocol tree for the error.


answered 09 Jun '11, 12:57

Guy%20Harris's gravatar image

Guy Harris ♦♦
accept rate: 19%

to Guy Harris

is there no way to integrate the color error into my lua-code?

(09 Jun '11, 13:27) Pfanne

There's no way for a dissector to directly do anything about color, as the environment in which dissectors run knows nothing about color (by design - there's no guarantee that the output of the dissector will be in an environment where things can be colored, and the user should be allowed to control colorization in any case).

(09 Jun '11, 13:32) Guy Harris ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 09 Jun '11, 12:31

Seen: 3,931 times

Last updated: 10 Jun '11, 18:22

p​o​w​e​r​e​d by O​S​Q​A