User Guide
Lua Support in Wireshark
166
[9] = Dissector.get("rrc"),
[10] = DissectorTable.get("sctp.ppi"):get_dissector(3), -- m3ua
[11] = DissectorTable.get("ip.proto"):get_dissector(132), -- sctp
}
function p_multi.dissector(buf,pkt,root)
local t = root:add(p_multi,buf(0,2))
t:add(f_proto,buf(0,1))
t:add(f_dir,buf(1,1))
local proto_id = buf(0,1):uint()
local dissector = protos[proto_id]
if dissector ~= nil then
dissector:call(buf(2):tvb(),pkt,root)
elseif proto_id < 2 then
t:add(f_text,buf(2))
-- pkt.cols.info:set(buf(2,buf:len() - 3):string())
else
data_dis:call(buf(2):tvb(),pkt,root)
end
end
local wtap_encap_table = DissectorTable.get("wtap_encap")
local udp_encap_table = DissectorTable.get("udp.port")
wtap_encap_table:add(wtap.USER15,p_multi)
wtap_encap_table:add(wtap.USER12,p_multi)
udp_encap_table:add(7555,p_multi)
end
11.3. Example of Listener written in Lua
-- This program will register a menu that will open a window with a count of occurrences
-- of every address in the capture
do
local function menuable_tap()
-- Declare the window we will use
local tw = TextWindow.new("Address Counter")
-- This will contain a hash of counters of appearances of a certain address
local ips = {}
-- this is our tap
local tap = Listener.new();
function remove()
-- this way we remove the listener that otherwise will remain running indefinitely
tap:remove();
end
-- we tell the window to call the remove() function when closed
tw:set_atclose(remove)
-- this function will be called once for each packet
function tap.packet(pinfo,tvb)
local src = ips[tostring(pinfo.src)] or 0
local dst = ips[tostring(pinfo.dst)] or 0
ips[tostring(pinfo.src)] = src + 1