This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

lte rrc decoding using lua script

0

Hi All, I'm new to lua script development. I'm trying to get dissector = Dissector.get(lte-rrc.bcch.bch) but getting error "No such dissector" .I want to decode lte RRC message by identifying logical channel that is "on UDP port number 9999 will be receiving : 1 byte (Logical channel detail) + lte RRC Hex dump" based on 1st byte need to decode lte RRC hex dump. can you please help me on this . Thanks in advance.

asked 07 Jun '16, 07:05

Senthil's gravatar image

Senthil
6113
accept rate: 0%

edited 07 Jun '16, 07:06

grahamb's gravatar image

grahamb ♦
19.8k330206

One Answer:

1

It's strange you get a different error than me (maybe a different Wireshark version), but the mistake you've made are just the missing quotes around the dissector name, you have to use

dissector = Dissector.get("lte-rrc.bcch.bch")

answered 07 Jun '16, 08:38

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

Thanks sindy. Now i am not getting this error. I have a follow up question: Not seeing any impact when I'm using tshark -r lte.pcap -X lua_script:sample.lua -X 'read_format:sample'. My Code is below (modified the code based on available example in internet), please help me on this

do
  myrrc_proto = Proto("myrrc","myrrc","myrrc Protocol")

function myrrc_proto.init()
myrrc = {
[0] = Dissector.get("lte-rrc.ul.ccch"),
[1] = Dissector.get("lte-rrc.dl.ccch"),
[2] = Dissector.get("lte-rrc.pcch"),
[3] = Dissector.get("lte-rrc.bcch.bch"),
[4] = Dissector.get("lte-rrc.bcch.dl.sch"),
[5] = Dissector.get("lte-rrc.ul.dcch"),
[6] = Dissector.get("lte-rrc.ul.dcch"),
}
end


function myrrc_proto.dissector(buffer,pinfo,tree)
local msgtype = buffer(0,1):uint()
local payload = buffer(1):tvb()
local dissector=myrrc[msgtype]
pinfo.cols.protocol =dissector
myrrc[msgtype].dissector:call(payload,pinfo,tree)
end


local wtap_encap_table = DissectorTable.get("wtap_encap")
wtap_encap_table:add(wtap.USER1, myrrc_proto)


end
(07 Jun ‘16, 20:01) Senthil

House rules: any Answer must answer the original Question, all other posts are Comments. See site FAQ for details on this one and for other house rules.

Now I don’t understand what exactly did you expect to happen when you’ve used -X ‘read_format:sample’. Can you publish an example of your lte.pcap file (of at least several packets)? Normally the preferred way to publish captures is to upload them to Cloudshark, but as your one may be in an unusual format, any plain file sharing service (Dropbox, Google drive, …) is a better option in this exceptional case. Files have to be published login-free, that’s why I mention “several packets” if you are afraid of any privacy issues.

(07 Jun ‘16, 22:43) sindy