JSON export of packets parsed by a custom Lua dissector

Time: 2016-10-14 18:18:49

Tags: lua wireshark-dissector

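I have written a custom Wireshark dissector in Lua which, once installed, successfully dissects packets as expected.

However, when I try to export the packet dissections 'as JSON', all fields processed by my custom dissector are exported as follows:

    "_ws.lua.text": ""

Here is a broader snippet: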

    "_ws.lua.fake": "",
    "my_protocol": {
      "_ws.lua.text": {
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": ""
      },
      "_ws.lua.text": {
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": "",
        "_ws.lua.text": ""
      },
      "_ws.lua.text": ""

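What do I need to do to get the fields processed by my custom dissector exported properly?

1 answer:

Answer 0: (score: 0)

I had the same problem. I tweaked my dissector and with that got rid of the "_ws.lua.text", but not the fake. My dissector used to look like this: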

    my_proto = Proto("my_proto", "My custom Protocol", "My custom Protocol")
    -- *something something*
    local my_proto_packet = tree:add(my_proto, buffer(), "My custom protocol");
    value = buffer(curPos, 4):uint();
    -- Item added with a label string only: there is no ProtoField behind it
    local valueNode = my_proto_packet:add_le(buffer(curPos, 4), "value = " .. value)

The string "value = 3.8" is displayed in Wireshark.

I added a ProtoField variable and added it to the proto.fields array. Then I changed the definition of valueNode, which now looks like this:

    my_proto = Proto("my_proto", "My custom Protocol", "My custom Protocol")
    -- Declare the field and register it with the protocol
    local field_myproto_intfield = ProtoField.uint32("myproto.intfield", "Integer", base.DEC)
    my_proto.fields = { field_myproto_intfield }
    local my_proto_packet = tree:add(my_proto, buffer(), "My custom protocol");
    -- *something something*

    -- valueNode is now created from the registered field instead of a label string
    local valueNode = my_proto_packet:add(field_myproto_intfield, buffer(curPos, 4))
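
A complete minimal dissector built on the approach from the answer above, as an added example that is not the poster's code: every item, including the subtree node, is created from a registered ProtoField, so each one has its own field name in the export instead of "_ws.lua.text". The 8-byte message layout, the field names and UDP port 9999 are assumptions made for illustration.

```lua
-- Added example: hypothetical 8-byte message layout, not the poster's protocol.
local my_proto = Proto("my_proto", "My custom Protocol")

-- Each value that should appear under its own key needs a ProtoField.
local f_header  = ProtoField.none("my_proto.header", "Header")
local f_version = ProtoField.uint8("my_proto.header.version", "Version", base.DEC)
local f_type    = ProtoField.uint8("my_proto.header.type", "Type", base.HEX)
local f_length  = ProtoField.uint16("my_proto.header.length", "Length", base.DEC)
local f_value   = ProtoField.uint32("my_proto.value", "Value", base.DEC)

-- Fields must be registered on the protocol before they are used in a tree.
my_proto.fields = { f_header, f_version, f_type, f_length, f_value }

function my_proto.dissector(buffer, pinfo, tree)
    -- Too short for the assumed layout: report "not ours" instead of
    -- reading past the end of the captured data.
    if buffer:len() < 8 then return 0 end

    pinfo.cols.protocol = "MY_PROTO"
    local root = tree:add(my_proto, buffer(0, 8))

    -- The subtree is created from a field, not from a label string.
    local header = root:add(f_header, buffer(0, 4))
    header:add(f_version, buffer(0, 1))
    header:add(f_type, buffer(1, 1))
    header:add_le(f_length, buffer(2, 2))   -- little-endian 16-bit length

    -- Extra display text is appended to a field-backed item rather than
    -- added as a separate text-only item.
    local value_node = root:add_le(f_value, buffer(4, 4))
    value_node:append_text(" (little-endian)")

    return 8   -- number of bytes consumed
end

-- Assumed transport and port for the example.
DissectorTable.get("udp.port"):add(9999, my_proto)
```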