Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Save extracted data from reassembled packets

From: Peter Smith <psmith135@xxxxxxxxx>
Date: Tue, 23 Feb 2010 12:16:32 +0200

Thank you very much for such quick fix. I was suprised it took only one line of C code. Indeed knowledge is power :) Now when I use the previously mentioned Lua code with print(wsp_pdu.value), it gives me the hex bytes of the extracted field for the complete protocol payload which is exactly what I was looking for.

There is another problem with all 1.3.3 and 1.3.4 versions though when I use them for mmse protocol but that's a different story for a different thread :))

Just for the record here is the error in wireshark packet summary column for mmse protocol:
MMSE MMS m-retrieve-conf[Dissector bug, protocol MMSE: proto.c:2269: failed assertion "fi && "proto_tree_set_visible(tree, TRUE) should have been called previously""]

2010/2/22 Stig Bjørlykke <stig.bjorlykke@xxxxxxxxx>
On 21. feb. 2010, at 20.00, Peter Smith wrote:

> I have the following code to get the reassembled WSP payload out of packet in wireshark
> ===================================
> wsp_extractor ="wsp")

Wireshark does not currently support handling FT_PROTOCOL as a field extractor.  I suppose in this situation the FT_PROTOCOL should be handled as a byte array, and maybe this is the best handling.  I have just committed revision 31951 with a fix for this, please try a automated build[1] in an hour or so.


Stig Bjørlykke

Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>