First, you need to declare a `Field` that extracts `tcp.flags` from the current packet. Then, you call the `Field` object within `tap.packet()` to get the `FieldInfo` object that contains the value of the flags (as shown in the Lua below, tested in Wireshark 1.7.0).
```lua
-- There are two arguments to `Listener.new`; you were missing
-- the first arg in your question.
local tap = Listener.new(nil, "tcp")

-- Declare a `Field` to extract `tcp.flags`. This must be done
-- outside of `tap.packet`.
local f_flags = Field.new("tcp.flags")

-- Packet handler. It is assigned as a field of `tap`, so it is
-- declared without `local`.
function tap.packet(pinfo, buf)
    -- When called, the `f_flags` field extracts `tcp.flags` from
    -- the current packet and returns a `FieldInfo` object.
    local f = f_flags()
    if f then
        print(string.format("tcp.flags = %#x", f.value))
    end
end
```
07 Dec '11, 04:40
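Building on the `Field`/`Listener` pattern in the answer above, the following added example (not part of the original answer) decodes individual bits of `tcp.flags` and counts SYN-without-ACK segments per source address, a common first check when reviewing a capture for connection floods or scans. The `THRESHOLD` value, the `has_bit` helper and the file names in the comment are assumptions made for illustration.

```lua
-- Added example: run with  tshark -q -r capture.pcap -X lua_script:synonly.lua
-- (both file names are placeholders).
local f_flags = Field.new("tcp.flags")
local tap = Listener.new(nil, "tcp")

local SYN, ACK = 0x02, 0x10   -- TCP flag bit masks (RFC 793)
local THRESHOLD = 100         -- assumed cut-off; tune for your network
local syn_only = {}           -- source address -> count of SYN-without-ACK

-- Test a single flag bit with plain arithmetic, so the script does not
-- depend on which bit library the bundled Lua version provides.
-- `mask` must be a power of two.
local function has_bit(value, mask)
    return value % (mask * 2) >= mask
end

-- Called once per TCP packet.
function tap.packet(pinfo, buf)
    local f = f_flags()
    if not f then return end
    local flags = f.value
    if has_bit(flags, SYN) and not has_bit(flags, ACK) then
        local src = tostring(pinfo.src)
        syn_only[src] = (syn_only[src] or 0) + 1
    end
end

-- Called when the tap is asked to report (at end of capture in tshark).
function tap.draw()
    for src, n in pairs(syn_only) do
        if n >= THRESHOLD then
            print(string.format("%s sent %d SYN-only segments", src, n))
        end
    end
end

-- Called when the capture is reloaded or restarted.
function tap.reset()
    syn_only = {}
end
```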