- Subject: Re: How to evaluate hex/ebcdic packet data LUA
- From: Dirk Laurie <dirk.laurie@...>
- Date: Mon, 24 Oct 2016 06:23:54 +0200
2016-10-24 4:44 GMT+02:00 Jerry White <jerrywhite518@gmail.com>:
> I'm having a dickens of a time working with the packet data in my Lua
> dissector. I'm trying to see if a particular byte has a particular value.
> This byte exists in three different places in the below code, and all I want
> to do is test if it contains 0xc4, which is D in ebcdic. I just can't get it
> right. Any help is appreciated.
>
>
> local mgi = Proto("mymgi", "Somos MGI Protocol")
> local pf_mgi_flag = ProtoField.new("mgi_flag", "mymgi.mgi_flag",
> ftypes.STRING)
>
> mgi.fields = {
> pf_mgi_flag
> }
>
> local m_flag = Field.new("mymgi.mgi_flag") -- used for relational operations
>
> function mgi.dissector(tvbuf, pktinfo, root)
>   pktinfo.cols.protocol:set("SomosMGI")
>   local pktlen = tvbuf:reported_length_remaining()
>   local tree = root:add(mgi, tvbuf:range(0,pktlen))
>
>   local info_mgi_flag = tvbuf:range(19,1) -- used in wireshark info column
>   tree:add(pf_mgi_flag, tvbuf:range(19,1)) -- used in protocol tree
>   pktinfo.cols.info:append("FLAG=")
>   pktinfo.cols.info:append("".. info_mgi_flag ..",")
>   return pktlen
> end
>
> DissectorTable.get("tcp.port"):add(6110, mgi)
>
>
> By the way, in the Wireshark tree it prints as \357\277\275, but in the Info
> column it displays as c4. In the hex packet display it is also c4. And if I
> do print ((string.char(0xc4))), this character prints Ä
I'm having a dickens of a time figuring out what people who know Lua
well (of which there are plenty on this list) can do to answer a question
that seems to depend heavily on the details of some package not required
in the code we can see, nor named in the text of the question.
I'm afraid that the only answer I can give, "Use the 5.3 string.unpack
function whenever you need to deal with strings known to contain
general binary rather than pure ASCII or UTF8 data", will read as
cryptically to the OP as the question does to me.
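
An added example, not part of the original thread: the string.unpack approach from the reply, applied to the byte test in the question, in standalone Lua 5.3. The payload is constructed sample data, the helper names byte_at and decode_ebcdic are hypothetical, and the letter and digit positions assume EBCDIC code page 037; no dissector API is used.

```lua
-- Requires Lua 5.3+ for string.unpack.
-- Constructed sample payload: 19 filler bytes, the flag byte at offset 19,
-- then five more EBCDIC bytes.
local payload = string.rep("\0", 19) .. "\xC4" .. "\xC8\xC5\xD3\xD3\xD6"

-- EBCDIC (assumed code page 037) letters and digits sit in contiguous runs.
local EBCDIC_RUNS = {
  { 0xC1, "ABCDEFGHI" }, { 0xD1, "JKLMNOPQR" }, { 0xE2, "STUVWXYZ" },
  { 0x81, "abcdefghi" }, { 0x91, "jklmnopqr" }, { 0xA2, "stuvwxyz" },
  { 0xF0, "0123456789" }, { 0x40, " " },
}
local ebcdic_to_ascii = {}
for _, run in ipairs(EBCDIC_RUNS) do
  for i = 1, #run[2] do
    ebcdic_to_ascii[run[1] + i - 1] = run[2]:sub(i, i)
  end
end

-- Read one unsigned byte at a 0-based offset (the way range(19,1) counts).
-- Returns nil when the offset is outside the data instead of raising an error.
local function byte_at(data, offset)
  if offset < 0 or offset >= #data then return nil end
  return (string.unpack("B", data, offset + 1))
end

-- Decode a byte range to text; unmapped bytes become "." so the result is
-- always plain ASCII and never an invalid UTF-8 sequence.
local function decode_ebcdic(data, offset, len)
  local out = {}
  for i = offset, offset + len - 1 do
    local b = byte_at(data, i)
    if b == nil then break end
    out[#out + 1] = ebcdic_to_ascii[b] or "."
  end
  return table.concat(out)
end

local flag = byte_at(payload, 19)
assert(flag == 0xC4)                     -- numeric test, no character set involved
assert(ebcdic_to_ascii[flag] == "D")
assert(decode_ebcdic(payload, 20, 5) == "HELLO")
assert(byte_at(payload, 500) == nil)     -- short packet is handled, not an error
print(string.format("flag=0x%02X (%s)", flag, ebcdic_to_ascii[flag]))
```

The \357\277\275 quoted in the question is the octal spelling of EF BF BD, the UTF-8 encoding of U+FFFD (the replacement character), and a lone 0xC4 is not valid UTF-8; comparing the byte as a number avoids any text interpretation.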