I'm having a dickens of a time working with the packet data in my Lua dissector. I'm trying to see if a particular byte has a particular value. This byte exists in three different places in the below code, and all I want to do is test if it contains 0xc4, which is D in ebcdic. I just can't get it right. Any help is appreciated.
local mgi = Proto("mymgi", "Somos MGI Protocol")
local pf_mgi_flag = ProtoField.new("mgi_flag", "mymgi.mgi_flag", ftypes.STRING)
mgi.fields = {
pf_mgi_flag
}
local m_flag = Field.new("mymgi.mgi_flag") -- used for relational operations
function mgi.dissector(tvbuf, pktinfo, root)
pktinfo.cols.protocol:set("SomosMGI")
local pktlen = tvbuf:reported_length_remaining()
local tree = root:add(mgi, tvbuf:range(0,pktlen))
local info_mgi_flag = tvbuf:range(19,1) -- used in wireshark info column
tree:add(pf_mgi_flag, tvbuf:range(19,1)) -- used in protocol tree
pktinfo.cols.info:append("FLAG=")
pktinfo.cols.info:append("".. info_mgi_flag ..",")
return pktlen
DissectorTable.get("tcp.port"):add(6110, mgi)
By the way, in the Wireshark tree it prints as \357\277\275, but in the Info column it displays as c4. In the hex packet display it is also c4. And if I do print ((string.char(0xc4))), this character prints Ä
Thank you,
Jerry
