Lua/Taps

Verified with Wireshark SVN 45134

Lua Taps/Listeners

Taps are a mechanism to fetch data from every frame. They can be defined to use a display filter.

A simple Tap

This tap is meant to be used as a script run by tshark. It counts the number of HTTP packets that occur during the trace. To run this tap on a trace file called mylan.pcap and assuming that tshark is in the path, one would issue the command tshark -X lua_script:simple_http.lua -r mylan.pcap

-- simple_http.lua
-- implements a very simple tap in Lua

-- this is going to be our counter
http_packets = 0

-- this is going to be our tap
tap_http = nil

-- first we declare the tap called "http tap" with the filter it is going to use
tap_http = Listener.new(nil,"http")

-- this function will get called at the end(3) of the capture to print the summary
function tap_http.draw()
    debug("http packets:" .. http_packets)
end

-- this function is going to be called once each time the filter of the tap matches
function tap_http.packet()
    http_packets = http_packets + 1
end

-- this function will be called at the end of the capture run
function tap_http.reset()
    http_packets = 0
end

GUI

-- text_window_tap.lua
-- an example of a tap that registers a menu
-- and prints to a text window

instances = 0 -- number of instances of the tap created so far

function mytap_menu()
    instances = instances + 1

    local td = {}
    -- the tap data, locally accessible by every function of the tap
    -- beware not to use a global for taps with multiple instances or you might
    -- find it been written by more instances of the tap, not what we want.
    -- each tap will have its own private instance of td.

    td.win = TextWindow.new("My Tap " .. instances) -- the window we'll use
    td.text = "" -- the text of the tap
    td.instance = instances -- the instance number of this tap

    -- this tap will be local to the menu_function that called it
    local tap = Listener.new()

    -- callback to remove the tap when the text window closes
    function remove_tap()
        if tap and tap.remove then
            tap:remove()
        end
    end

    -- make sure the tap doesn't hang around after the window was closed
    td.win:set_atclose(remove_tap)

    -- this function will be called for every packet
    function tap.packet(pinfo,tvb,tapdata)
        local text = "packet " .. pinfo.number
        td.text = td.text .. "\n" .. text
        -- debug("packet " .. pinfo.number, tapdata.instance)
    end

    -- this function will be called once every few seconds to redraw the window
    function tap.draw()
        td.win:set(td.text)
        -- debug("draw", tapdata.instance)
    end
end

-- last we register the menu
-- the first arg is the menu name
-- the 2nd arg is the function to be called
-- the third argument is the menu to hold this new menu
register_menu("Lua Tap Test",mytap_menu,MENU_TOOLS_UNSORTED)

-- debug("registered")

Imported from https://wiki.wireshark.org/Lua/Taps on 2020-08-11 23:16:13 UTC