Question

I'm starting my first Lua dissector. My payload protocol runs between two hard-coded Ethernet addresses. How do I do the correct comparison within the dissector?

Something like

if buf(0,6):ether() == ??? and buf(6,6):ether() == ??? then
...

Thanks in advance, Wolfgang R.

Solution

Calling ether() on a TvbRange (which is what you're doing) gives you back an Address object. Unfortunately Address objects aren't that useful by themselves - about the only thing you could do is to call tostring(addr) to get a string representation and then compare that to what you expect it to be. Like this:

if tostring(buf(0,6):ether()) == "00:12:34:56:78:9a" then
    -- do stuff
end

There is one thing to watch out for though: if your Wireshark preference settings are set to enable name resolution, then the string you get back might have the OUI portion of the Ethernet MAC address replaced with the organization/company name it's assigned to. I.e., it might be something like "cisco:56:78:9a" or whatever.

In the latest (nightly) Wireshark 1.11 builds, you can get the raw string of a buffer as a raw Lua string, and just compare that to your Ethernet address (as a binary Lua string, not ASCII characters); and there're also functions to convert to/from hex so you can convert it to hex-ascii as well, etc.

Of course another thing you can do is get each byte or pair of bytes, like buf(0,2):uint() and buf(2,2):uint() and buf(4,2):uint() and just compare them as numbers.
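The numeric comparison from the last paragraph, written out as an added example (not part of the original answer); it does not depend on the name-resolution preference because it never converts the address to a string. The second address, the protocol name, accepting either direction, attaching as a postdissector and the untagged 14-byte Ethernet header are assumptions made for illustration.

```lua
-- Added example. PEER_A is the address from the answer; PEER_B is constructed.
local PEER_A = "00:12:34:56:78:9a"
local PEER_B = "00:12:34:56:78:9b"

-- Turn "aa:bb:cc:dd:ee:ff" into three 16-bit numbers, once, at load time.
local function mac_to_words(mac)
    assert(mac:match("^%x%x:%x%x:%x%x:%x%x:%x%x:%x%x$"), "bad MAC: " .. mac)
    local b = {}
    for hex in mac:gmatch("%x%x") do
        b[#b + 1] = tonumber(hex, 16)
    end
    return { b[1] * 256 + b[2], b[3] * 256 + b[4], b[5] * 256 + b[6] }
end

local WORDS_A = mac_to_words(PEER_A)
local WORDS_B = mac_to_words(PEER_B)

-- True if the 6 bytes at `offset` equal the address given as 16-bit words.
-- The length check keeps a truncated frame from raising a range error.
local function mac_at(buf, offset, words)
    if buf:len() < offset + 6 then return false end
    for i = 1, 3 do
        if buf(offset + (i - 1) * 2, 2):uint() ~= words[i] then
            return false
        end
    end
    return true
end

-- Hypothetical protocol name, used only for this example.
local payload_proto = Proto("mypayload", "My Payload Protocol (example)")

function payload_proto.dissector(buf, pinfo, tree)
    -- Destination MAC is at offset 0, source MAC at offset 6.
    local a_to_b = mac_at(buf, 6, WORDS_A) and mac_at(buf, 0, WORDS_B)
    local b_to_a = mac_at(buf, 6, WORDS_B) and mac_at(buf, 0, WORDS_A)
    if not (a_to_b or b_to_a) then return end

    -- Assumes an untagged Ethernet header: 6 + 6 + 2 bytes.
    if buf:len() <= 14 then return end
    tree:add(payload_proto, buf(14))
    pinfo.cols.protocol = "MYPAYLOAD"
end

-- Assumption: run after the built-in dissectors, on the whole frame.
register_postdissector(payload_proto)
```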

License: CC-BY-SA with attribution
Not affiliated with StackOverflow