When I just want to quickly test some bits of Lua code that don't involve capturing traffic or analyzing a pcap, is there a way I can invoke the Lua interpreter embedded in Wireshark? I know I can download Lua itself, but it doesn't have all the Wireshark-specific stuff like the new UInt64 objects. It doesn't even have bit op. When I use the Lua "evaluate" option under tools, it doesn't print out anything even if I have a print statement. And I can't even find Lua in the menu anymore in the new Wireshark 1.11.3. So far I've been trying out my code bits by doing the command

tshark -X lua_script:myScriptname

I will see the output from my script and then I quickly end the command, as I'm not interested in the capturing on Ethernet that happens right afterwards. Is there an easier way? And I assume the answer may be different depending on what OS you use. I use both Mac and Windows. Thanks so much.

asked 06 Mar '14, 15:05 YXI
3 Answers:
It's technically possible to achieve it, by writing a Lua script that creates a console window, accepts user input, and calls loadstring() on the strings/chunks the user inputs. In fact my guess is someone's written a Lua "interpreter" as a Lua script somewhere, that you could use as a baseline to write such a console app. But I don't do that personally - I just mostly use tshark with the

In the more recent 1.11 nightly builds you can also pass arguments to your Lua script through the command line, which was mostly added to help create some testsuites to test the Lua functions. But I rarely use that feature other than for those testsuites.

answered 06 Mar '14, 15:18 Hadriel
Oh, and I suppose I should point out, lest someone go try and write a Lua interpreter-window script, that you wouldn't be able to do some things in it anyway... because some things are only allowed by Wireshark when it's loading scripts itself. For example creating new protocol dissectors (i.e., the

answered 06 Mar '14, 15:42 Hadriel
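The console script described in the two posts above, written out as an added example (not part of the original thread and not Wireshark's own code). It assumes a GUI build in which the TextWindow API works, and the file name eval_console.lua is hypothetical; as the post above says, things Wireshark only allows while it is loading scripts, such as creating dissectors, still will not work from it.

```lua
-- eval_console.lua (hypothetical name): added example, not from the thread.
-- Load with: wireshark -X lua_script:eval_console.lua
-- Anything typed into the console runs with the full access of the
-- Wireshark process, so treat it like any other script you load.
if not gui_enabled() then return end   -- TextWindow needs the GUI, not tshark

-- Lua 5.1 provides loadstring(); Lua 5.2+ provides load() for strings.
local compile = loadstring or load

local function open_console()
    local input  = TextWindow.new("Lua input")
    local output = TextWindow.new("Lua output")
    input:set_editable(true)

    -- Replacement for print() so chunk output lands in the output window.
    local function win_print(...)
        local parts = {}
        for i = 1, select("#", ...) do
            parts[#parts + 1] = tostring((select(i, ...)))
        end
        output:append(table.concat(parts, "\t") .. "\n")
    end

    input:add_button("Evaluate", function()
        -- Compile first so syntax errors are reported without running anything.
        local chunk, err = compile(input:get_text(), "=console")
        if not chunk then
            output:append("syntax error: " .. tostring(err) .. "\n")
            return
        end
        local saved_print = print
        print = win_print
        local ok, result = pcall(chunk)   -- runtime errors must not kill the GUI
        print = saved_print
        if not ok then
            output:append("runtime error: " .. tostring(result) .. "\n")
        elseif result ~= nil then
            output:append("=> " .. tostring(result) .. "\n")
        end
    end)

    input:add_button("Clear output", function() output:clear() end)
end

register_menu("Lua/Eval console", open_console, MENU_TOOLS_UNSORTED)
```

Typing `return UInt64(1, 0) + UInt64(2, 0)` into the input window and pressing Evaluate exercises the Wireshark-specific types the question asks about.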
Heh, you actually answered this question yourself in another topic - the "Evaluate" menu item under Tools->Lua appears to do what you want. For example, you can have it print to your shell using:
Or have it print to the Console dialog window created by Tools->Lua->Console using the logging facilities, such as:
answered 06 Mar '14, 21:59 Hadriel

For Windows, message() works. print() still doesn't work, even when I have a console window open, or start Wireshark from a shell. (07 Mar '14, 13:14) YXI

On the Mac, it should be in (07 Mar '14, 14:34) Hadriel

From the nightly build a couple of weeks ago, I got: Windows: Both wireshark(GTK+) and qtshark under C:\Program Files\wireshark Mac: Only wireshark under /usr/local/bin, and it is the qt version. I guess Mac download didn't come with the GTK+ version. (13 Mar '14, 10:01) YXI

Huh, yeah it looks like you're right - I just tried the latest nightly build and it only installed the Qt one, and in its package file it only has the Qt one. Hmmm... might be a bug. (13 Mar '14, 10:19) Hadriel

Filed bug 9881 - we'll see if it's really a bug or by design. (13 Mar '14, 10:23) Hadriel

Wasn't it all those Mac users complaining about how ugly the GTK build looked that was one of the reasons for the switch to QT :-) They get to live the new life first. (13 Mar '14, 10:27) grahamb ♦

Well the GTK one really is ugly on a Mac (and doesn't use normal Mac keyboard shortcuts, etc.). The Qt one is a breath of fresh air. :) Unfortunately, the Qt one is still very limited - it's missing tons of stuff, and some stuff it appears to have doesn't work yet. So as a Mac user I feel like a second class citizen if 1.11 Windows builds have all the features, whereas Mac builds don't. Since the nightly 1.11 builds are meant to be the bleeding edge development builds eventually leading to 1.12... maybe all 1.11 builds should be Qt-only? (13 Mar '14, 12:00) Hadriel
Thanks. The empty pcap file is a great idea!