
List:       wireshark-dev
Subject:    Re: [Wireshark-dev] Wireshark-dev: Re: Lua embedded into C++
From:       Peter Wu <peter () lekensteyn ! nl>
Date:       2017-03-17 11:31:54
Message-ID: 20170317113154.GC17318 () al

On Thu, Mar 16, 2017 at 08:45:34PM +0000, Kunal Thakrar wrote:
> Hi Peter,
> 
> So if using the Lua API, if I put a script which primes the fields I
> am interested in within the plugins folder I will be able to access
> information such as the IP addresses (to see which TCP connection it
> was part of) and any information about the HTTP packets (obviously if
> it was, in fact, part of a TCP connection).

Yes, here you can find some examples of doing this in Lua:
https://github.com/Lekensteyn/lglaf/blob/master/lglaf.lua
https://git.lekensteyn.nl/peter/wireshark-notes/tree/lua/r8152.lua

See "usb_transfer_type". Note that the number of returned values may be
larger than 1. In case you want to access all addresses, you could try
something like:

    -- Field extractors must be created outside the dissector function
    local ip_addr = Field.new("ip.addr")
    local my_proto = Proto.new("my_proto", "My Proto")
    function my_proto.dissector(tvb, pinfo, tree)
        -- Note: Lua language feature: if ip_addr() returns more than 1
        -- item, using it as last element of the array results in
        -- appending all returned values to this array
        local fields = { ip_addr() }
        -- ...
    end
    register_postdissector(my_proto)

Alternatively, use ip.src and ip.dst for specific addresses (but note
that in case of tunneled traffic you may still have multiple
occurrences).
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe
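
A fuller postdissector along the lines of the reply above, as an added example that is not part of the original message or of Wireshark itself. It keeps every ip.src/ip.dst occurrence so tunneled traffic stays visible, and adds the TCP stream index and any HTTP request URIs; the "conninfo" protocol and its field names are hypothetical.

```lua
-- Added example; the "conninfo" protocol and its field names are hypothetical.
-- Field extractors must be created at load time, outside the dissector.
local f_ip_src = Field.new("ip.src")
local f_ip_dst = Field.new("ip.dst")
local f_stream = Field.new("tcp.stream")
local f_uri    = Field.new("http.request.full_uri")

local conninfo  = Proto.new("conninfo", "Connection Info Example")
local pf_pair   = ProtoField.string("conninfo.ip_pair", "IP pair")
local pf_layers = ProtoField.uint8("conninfo.ip_layers", "IP header count")
local pf_stream = ProtoField.uint32("conninfo.tcp_stream", "TCP stream")
local pf_uri    = ProtoField.string("conninfo.uri", "HTTP request URI")
conninfo.fields = { pf_pair, pf_layers, pf_stream, pf_uri }

function conninfo.dissector(tvb, pinfo, tree)
    -- A call as the last table element expands to every returned FieldInfo.
    local srcs = { f_ip_src() }
    local dsts = { f_ip_dst() }
    if #srcs == 0 or #srcs ~= #dsts then return end  -- no IPv4 header seen

    local subtree = tree:add(conninfo, "Connection Info")
    subtree:add(pf_layers, #srcs)
    -- One entry per IPv4 header, in the order the headers were dissected.
    -- More than one means tunneling or an embedded header (e.g. ICMP errors).
    for i = 1, #srcs do
        subtree:add(pf_pair, tostring(srcs[i]) .. " -> " .. tostring(dsts[i]))
    end

    local stream = f_stream()  -- nil when the packet carries no TCP
    if stream then
        subtree:add(pf_stream, stream.value)
    end

    -- A single packet may carry several HTTP requests; list each one.
    for _, uri in ipairs({ f_uri() }) do
        subtree:add(pf_uri, tostring(uri))
    end
end

register_postdissector(conninfo)
```

It can be placed in the plugins folder or loaded with `tshark -X lua_script:conninfo.lua -r capture.pcap -V`, where both file names are placeholders.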