Refer to section 11.2, "Obtaining dissection data", of the Wireshark Developer's Guide.

Basically, you'll call Field.new(fieldname), where fieldname is the field of interest. In your case, you seem interested in 2 fields, namely frame.number and tcp.stream, so you'd have something like:

local frame_number = Field.new("frame.number")
local stream_index = Field.new("tcp.stream")

From there, you would obtain all values for this field using (). For the frame number and TCP stream index, there is probably only 1 value for each field per packet [at most], so there's likely no need to worry about multiple values here. After that, you can grab the information you want from it. For example:

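-- foo is assumed to be your existing Proto object, e.g. local foo = Proto("foo", "Foo")
function foo.dissector(tvbuf, pinfo, tree)
    -- Calling an extractor returns a FieldInfo, or nil if the field is absent.
    local frame_num_ex = frame_number()
    local stream_idx_ex = stream_index()

    -- Open a Lua Console to see the value printed.
    print("frame number: " .. frame_num_ex.value)
    if stream_idx_ex then
        print("TCP stream index: " .. stream_idx_ex.value)
    end
end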

Refer to the Wireshark Developer's Guide and to Wireshark Lua and related wiki pages for more information and for plenty of examples.
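
A complete postdissector built on the two extractors above, as an added example that is not part of the original answer. It goes beyond the single-value case by collecting every `tcp.stream` value in a frame (tunnelled traffic can carry more than one) and recording which frames belong to each stream; the names `streamidx`, `pf_stream`, `pf_count` and `frames_by_stream` are hypothetical.

```lua
-- Added example; Proto and field names are illustrative, not from the answer.
-- Extractors must be created at script load time, not inside the dissector.
local frame_number = Field.new("frame.number")
local stream_index = Field.new("tcp.stream")

local streamidx = Proto("streamidx", "Frame to TCP stream index (example)")
local pf_stream = ProtoField.uint32("streamidx.stream", "TCP stream")
local pf_count  = ProtoField.uint32("streamidx.frames", "Frames recorded for this stream")
streamidx.fields = { pf_stream, pf_count }

local frames_by_stream = {}   -- stream index -> list of frame numbers

-- Called when a capture is (re)loaded: drop state from the previous file.
function streamidx.init()
    frames_by_stream = {}
end

function streamidx.dissector(tvbuf, pinfo, tree)
    local fnum = frame_number()
    -- Wrapping the call in a table keeps every returned FieldInfo,
    -- not just the first one.
    local streams = { stream_index() }
    if not fnum or #streams == 0 then return end   -- frame carries no TCP

    for _, fi in ipairs(streams) do
        local idx = fi.value
        local frames = frames_by_stream[idx]
        if not frames then
            frames = {}
            frames_by_stream[idx] = frames
        end
        -- Wireshark re-dissects frames when they are clicked or filtered;
        -- record each frame only on the first pass.
        if not pinfo.visited then
            frames[#frames + 1] = fnum.value
        end
        local sub = tree:add(streamidx, "Stream index example")
        sub:add(pf_stream, idx):set_generated()
        sub:add(pf_count, #frames):set_generated()
    end
end

register_postdissector(streamidx)
```

Once the script is loaded, the added fields can be used in display filters, for example `streamidx.stream == 3`.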