In several places you use the ‘string’ method of the TvbRange object. For example "h264tvb(2):string()”, and several other places.
My guess is your problem is a change in behavior of the TvbRange’s “string” method. But I don’t know why you see the change in behavior in 1.10 - as far as I can tell 1.10 should behave the same as 1.8. Internally they both call a C-function named “ tvb_get_ephemeral_string”, and I don’t think that function changed in 1.10 (it changed in 1.12 however).
In 1.8, the “string” method produced a Lua string of the raw bytes of the TvbRange, because tvb_get_ephemeral_string assumed ASCII but didn’t change the character if it wasn’t ASCII (so in a sense, it just retrieved the raw bytes). But in Wireshark 1.12 the “string” method produces a Lua string based on a string encoding of the bytes, with a default of ASCII, and when it finds non-ASCII characters it replaces them with unicode, and thus your output file would be different. There’s still another way to get the raw bytes in 1.12, but you said 1.10 so that won’t help.
Are you sure it’s not Wireshark 1.12 (or 1.11) that’s giving you the problem?
For the version that’s giving you the problem, please run “tshark -v” (or go to wireshark’s help->about dialog) and copy what gets shown into a reply to this email.
-hadriel
Dear all,
I am an Wiershark user from China. I put the attached file "h264.lua" into the installation directory of wiershark. And set "dofile(DATA_DIR.."h264.lua") " at the end of file of "init.lua". Attached file "aa.pcap" is the capture result of "some rtsp data".
The file "aa.pcap" is opened by Wireshark. From the "Tools" manue,we can choose "Export h264 to file", then the h264 raw data file from "aa.pcap" is given by wireshark. the file is attached as "new_wiershark_ver_over_1.10.x.h264" is the raw h.264 data file. This file can't be play by VLC player.
However, the same file "aa.pcap" and the same file "h264.lua", using the same method, the raw h264 data file getting from low version wireshark such as version 1.8.3 can be played by VLC directly. The raw h264 data is attached as "wireshark_ver_1.8.3.h264".
I confused bye the raw h264 data file of different version of Wiershark. I don't know why cause the different results. I find some HEX number 'ef bf bd ef bf bd " and so on was insert the raw data file. TVB is used in the h264.lua to get raw data , Maybe the TVB 's difference of different wireshark version cause the result.
Can you help me?
Thanks!
<h264.lua><aa.pcap><new_wiershark_ver_over_1.10.x.h264><wireshark_ver_1.8.3.h264>___________________________________________________________________________ Sent via: Wireshark-users mailing list < wireshark-users@xxxxxxxxxxxxx> Archives: https://www.wireshark.org/lists/wireshark-usersUnsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
|
