Refer to section 11.2, "Obtaining dissection data", of the Wireshark Developer's Guide.

Basically, you'll call Field.new(fieldname), where fieldname is the field of interest. In your case, you seem interested in 2 fields, namely frame.number and tcp.stream, so you'd have something like:

local frame_number = Field.new("frame.number")
local stream_index = Field.new("tcp.stream")

From there, you would obtain all values for this field using (). For the frame number and TCP stream index, there is probably only 1 value for each field per packet [at most], so there's likely no need to worry about multiple values here. After that, you can grab the information you want from it. For example:

function foo.dissector(tvbuf, pinfo, tree)
    local frame_num_ex = frame_number()
    local stream_idx_ex = stream_index()

    -- Open a Lua Console to see the value printed.
    print("frame number: " .. frame_num_ex.value)
    if stream_idx_ex then
        print("TCP stream index: " .. stream_idx_ex.value)
    end
end

Refer to the Wireshark Developer's Guide and to Wireshark Lua and related wiki pages for more information and for plenty of examples.
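As an added example that is not part of the original answer, the same two field extractors can feed a tap that summarises which frames belong to each TCP stream. It also covers the case where a frame carries more than one `tcp.stream` value. The script and capture file names in the comment are placeholders.

```lua
-- Added example (not from the original answer). Run with, for instance:
--   tshark -q -r capture.pcap -X lua_script:streams.lua   (placeholder names)

-- Field extractors must be created at script load time, outside any callback.
local frame_number = Field.new("frame.number")
local stream_index = Field.new("tcp.stream")

-- Tap on every frame that matches the display filter "tcp".
local tap = Listener.new("frame", "tcp")

local streams = {}   -- stream index -> { count, first, last }

function tap.packet(pinfo, tvb)
    local frame = frame_number().value
    -- Calling an extractor returns zero or more FieldInfo objects; wrapping
    -- the call in a table captures all of them (e.g. tunnelled TCP).
    local seen = {}   -- count each stream at most once per frame
    for _, fi in ipairs({ stream_index() }) do
        local idx = fi.value
        if not seen[idx] then
            seen[idx] = true
            local s = streams[idx]
            if not s then
                s = { count = 0, first = frame }
                streams[idx] = s
            end
            s.count = s.count + 1
            s.last = frame
        end
    end
end

-- Called when the capture has been fully processed (or the view is redrawn).
function tap.draw()
    local keys = {}
    for idx in pairs(streams) do keys[#keys + 1] = idx end
    table.sort(keys)
    for _, idx in ipairs(keys) do
        local s = streams[idx]
        print(string.format("tcp.stream %d: %d frames (first %d, last %d)",
                            idx, s.count, s.first, s.last))
    end
end

-- Called when the capture is reloaded; clear state so counts are not doubled.
function tap.reset()
    streams = {}
end
```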