This wiki has been migrated to and is now deprecated. Please use that site instead.
Differences between revisions 17 and 18
Revision 17 as of 2006-02-08 11:53:14
Size: 4779
Editor: LuisOntanon
Comment: Hello world example
Revision 18 as of 2006-02-08 12:04:28
Size: 4805
Editor: LuisOntanon
Deletions are marked like this. Additions are marked like this.
Line 20: Line 20:
Line 21: Line 22:



  • attachment:lua_logo.gif

    Lua is a powerful light-weight programming language designed for extending applications. Lua is designed and implemented by a [ team] at [ PUC-Rio], the Pontifical Catholic University of Rio de Janeiro in Brazil. Lua was born and raised at [ Tecgraf], the Computer Graphics Technology Group of PUC-Rio, and is now housed at []. Both Tecgraf and are laboratories of the [ Department of Computer Science]. Lua's been added to ethereal as for prototyping and scripting.

For more information about Lua refer to [ Lua's main site], there you can find its [ Reference Manual] and a [ book] that describes the language.

Lua in Ethereal

Lua can be used to write [:Lua/Dissectors: dissectors], post-dissectors and [:Lua/Taps: taps].

Although it's possible to write [:Lua/Dissectors: dissectors] in Lua, ethereal dissectors are written in C, as C is several times faster than Lua. Lua is ok for prototyping dissectors, during Reverse Engineering you can use your time for finding out how things work instead of compiling and debugging your C dissector.

Post-dissectors are dissectors meant to run after every other dissector has run. They can add items the dissection tree so they can be used to create your own extensions to the filtering mechanism.

[:Lua/Taps: Taps] are used to collect information after the packet has been dissected.

Getting Started

Lua is an optional module in ethereal 0.10.15(???) so it won't be installed by default. If you want to use it make sure you install it.

To check if it is installed go to Help->About Ethereal go to the Plugins tab and look for it.


To test if it works write a simple Lua script like:

-- hello.lua
-- Lua's implementation of D. Ritchie's hello world program.

    print("hello world!")

run tethereal -X lua_script:test.lua from the command prompt and tou should see something like:

$ tethereal -X lua_script:hello.lua
hello world!
Capturing on en0
1   0.000000 -> NBNS Name query NB XXX.COM<00>

if you can read "hello world!" in the first line after you run tethereal Lua is up and runing.


  • [:Lua/Tap: Tap]
  • [:Lua/Field: Field] a handy tool to get fileds from the tree
  • [:Lua/Proto: Proto] represents a protocol
  • [:Lua/ProtoField: ProtoField] the fields of a protocol

  • [:Lua/ProtoFieldArray: ProtoFieldArray]

  • [:Lua/Dissector: Dissector] utility class to handle dissectors
  • [:Lua/Dissector: DissectorTable] utility class to handle dissectors

  • [:Lua/Pinfo: Pinfo] current packet information
  • [:Lua/ProtoTree: ProtoTree]

  • [:Lua/ProtoTree: ProtoItem]

  • [:Lua/SubTree: SubTree] subtrees

  • [:Lua/Tvb: Tvb] access to the packet's actual bytes
  • [:Lua/ByteArray: ByteArray] utility class to manage an array of bytes

  • [:Lua/Gui: TextWindow] class that manages text-only windows.


  • Examples of generic Lua code can be found in [ The Sample Code] page of Lua-Users wiki.

  • [:Lua/Examples/Tap: tap example]
  • [:Lua/Examples/Dissector: dissector example]
  • [:Lua/Examples/PostDissector: post-dissector example]


This page is a good start. However, some things remain unclear:

  • How to install/use lua?
  • What's the difference between a post-dissector and a tap

That's what it is, a start... I think it's soon to complete as things are changing as I go ahead.

  • So far it works only on *NIX as I'm still bringing it up. If you want the lua plugin installed configure --with-lua=<lua_directory> to get it to work for windows I'll need help.

  • I do not have yet a clear idea on how Lua will be invoked from ethereal.
    • So far as a temporary solution:
      • it either looks for ~/.ethereal/init.lua and loads that script
      • or looks for a file pointed by the environment variable ETHEREAL_LUA_INIT.
    • It will change as soon as I (or someone else, proposals are welcome) come out with a good way to do it.
  • Tap vs. Postdissector
    • a post dissector is it's like a normal dissector called every time a tree needs to be generated for a frame it just gets called at last.
    • a tap is run once after the first dissection of a packet and it has no access to the tree, it cannot add fields (a postdissector can but it will be called every time a tree needs to be generated).
      • -- Luis E. G. O.

Lua (last edited 2020-03-31 15:55:54 by GeraldCombs)