| 1 | initial version |
What about a Lua script that reads a text file with packet numbers to keep and dumps those packets to a new file?
C:\>type keeplist.txt
1 3 5 37916
C:\>capinfos -c bvlc.pcap
File name: bvlc.pcap
Number of packets: 37 k
C:\>tshark -q -X lua_script:.\keeplist.lua -r bvlc.pcap --disable-all-protocols
Tap draw
Tap reset
C:\>capinfos -c keeplist.pcap
File name: keeplist.pcap
Number of packets: 4
-- keeplist.lua
-- https://ask.wireshark.org/question/34089/using-tshark-with-huge-display-filters/
-- "(tshark -r infile -Y "frame.number in ...." -w outfile)"
-- Create new capture file containing frames which are specified in a text list
-- Step 1 - document as you go. See header above and set_plugin_info().
-- Plugin metadata handed to Wireshark through set_plugin_info().
local plugin_meta = {
    version = "1.0.0",
    author = "Good Coders",
    description = "Copy/pasted together by Chuck Craft",
    repository = "Floppy in top drawer",
}

set_plugin_info(plugin_meta)
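do
    -- Frame numbers to keep, used as a set: keeplist[n] == true.
    -- Declared local so the script does not leak `keeplist`, `file` and `err`
    -- into the global environment, where another script could overwrite them.
    local keeplist = {}

    -- The list is opened by relative name, so it is resolved against the
    -- current working directory of tshark/Wireshark, not the script's folder.
    local file, err = io.open("keeplist.txt", "r")
    if not file then
        -- Opening the packet list failed: report why and stop the script.
        print("Cannot load keeplist file: " .. err)
        return
    end

    while true do
        -- read("*number") returns nil at EOF, but also at the first token
        -- that is not a number, which would silently truncate the list.
        local line = file:read("*number")
        if not line then break end
        keeplist[line] = true
        -- print(line)
    end

    -- Anything still readable here means parsing stopped early; say so, so a
    -- partial extraction is not mistaken for a complete one.
    local leftover = file:read(1)
    file:close()
    if leftover then
        print("Warning: keeplist.txt contains a non-numeric entry; entries after it were ignored")
    end

    --- Register a tap that copies every listed frame into ./keeplist.pcap.
    local function init_listener()
        -- Created when frame 1 is seen; stays nil until then.
        local keep_dmp
        local tap = Listener.new()

        -- Close the output file, if one was opened.
        function tap.reset()
            print("Tap reset")
            if keep_dmp then
                keep_dmp:close()
                -- Drop the closed handle so later callbacks cannot reuse it.
                keep_dmp = nil
            end
        end

        -- Called per packet: open the dumper on frame 1, then dump the
        -- current frame when its number is in the keep list.
        function tap.packet(pinfo, tvb, tapinfo)
            -- print("pinfo.number = " .. pinfo.number)
            if pinfo.number == 1 then
                -- NOTE(review): fixed relative output path; presumably an
                -- existing keeplist.pcap in the working directory is
                -- replaced - confirm before running next to evidence files.
                keep_dmp = Dumper.new_for_current("./keeplist.pcap")
            end
            if keep_dmp and keeplist[pinfo.number] then
                -- print("Dump packet = " .. pinfo.number)
                keep_dmp:dump_current()
            end
        end

        -- Flush pending writes; a no-op when no dumper was ever opened.
        function tap.draw()
            print("Tap draw")
            if keep_dmp then
                keep_dmp:flush()
            end
        end
    end

    init_listener()
end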
Credits to:
Ask question Filter udp packets using lua script
Wiki Dump VoIP calls into separate files
GitHub wireguard-dissector/wg.lua
| 2 | No.2 Revision |
What about a Lua script that reads a text file with packet numbers to keep and dumps those packets to a new file?
C:\>type keeplist.txt
1 3 5 37916
C:\>capinfos -c bvlc.pcap
File name: bvlc.pcap
Number of packets: 37 k
C:\>tshark -q -X lua_script:.\keeplist.lua -r bvlc.pcap --disable-all-protocols
Tap draw
Tap reset
C:\>capinfos -c keeplist.pcap
File name: keeplist.pcap
Number of packets: 4
-- keeplist.lua
-- https://ask.wireshark.org/question/34089/using-tshark-with-huge-display-filters/
-- "(tshark -r infile -Y "frame.number in ...." -w outfile)"
-- Create new capture file containing frames which are specified in a text list
-- Step 1 - document as you go. See header above and set_plugin_info().
-- Plugin metadata handed to Wireshark through set_plugin_info().
local plugin_meta = {
    version = "1.0.0",
    author = "Good Coders",
    description = "Copy/pasted together by Chuck Craft",
    repository = "Floppy in top drawer",
}

set_plugin_info(plugin_meta)
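do
    -- Frame numbers to keep, used as a set: keeplist[n] == true.
    -- Declared local so the script does not leak `keeplist`, `file` and `err`
    -- into the global environment, where another script could overwrite them.
    local keeplist = {}

    -- The list is opened by relative name, so it is resolved against the
    -- current working directory of tshark/Wireshark, not the script's folder.
    local file, err = io.open("keeplist.txt", "r")
    if not file then
        -- Opening the packet list failed: report why and stop the script.
        print("Cannot load keeplist file: " .. err)
        return
    end

    while true do
        -- read("*number") returns nil at EOF, but also at the first token
        -- that is not a number, which would silently truncate the list.
        local line = file:read("*number")
        if not line then break end
        keeplist[line] = true
        -- print(line)
    end

    -- Anything still readable here means parsing stopped early; say so, so a
    -- partial extraction is not mistaken for a complete one.
    local leftover = file:read(1)
    file:close()
    if leftover then
        print("Warning: keeplist.txt contains a non-numeric entry; entries after it were ignored")
    end

    --- Register a tap that copies every listed frame into ./keeplist.pcap.
    local function init_listener()
        -- Created when frame 1 is seen; stays nil until then.
        local keep_dmp
        local tap = Listener.new()

        -- Close the output file, if one was opened.
        function tap.reset()
            print("Tap reset")
            if keep_dmp then
                keep_dmp:close()
                -- Drop the closed handle so later callbacks cannot reuse it.
                keep_dmp = nil
            end
        end

        -- Called per packet: open the dumper on frame 1, then dump the
        -- current frame when its number is in the keep list.
        function tap.packet(pinfo, tvb, tapinfo)
            -- print("pinfo.number = " .. pinfo.number)
            if pinfo.number == 1 then
                -- NOTE(review): fixed relative output path; presumably an
                -- existing keeplist.pcap in the working directory is
                -- replaced - confirm before running next to evidence files.
                keep_dmp = Dumper.new_for_current("./keeplist.pcap")
            end
            if keep_dmp and keeplist[pinfo.number] then
                -- print("Dump packet = " .. pinfo.number)
                keep_dmp:dump_current()
            end
        end

        -- Flush pending writes; a no-op when no dumper was ever opened.
        function tap.draw()
            print("Tap draw")
            if keep_dmp then
                keep_dmp:flush()
            end
        end
    end

    init_listener()
end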
Credits to:
Ask question Filter udp packets using lua script
Wiki Dump VoIP calls into separate files
GitHub wireguard-dissector/wg.lua