Filter udp packets using lua script

asked 2022-05-13 16:08:09 +0000

linuxbegginer

So I have tshark and a Lua script which I am trying to run. I am running it with the command:

sudo tshark -X lua_script:luascript.lua -c 100

Where my Lua script looks like this:

do
     packets = 0;
     file = io.open("result.txt","a")
     local function init_listener()
          local tap = Listener.new(nil,"ip.addr == 10.0.2.15&&udp")
          function tap.reset()
               packets = 0;
          end
          function tap.packet()
               packets = packets + 1
               io.output(file)
          end
          function tap.draw()
                print("Packets to/from 10.0.2.15",packets)
          end
     end
     init_listener()
     io.close(file)
end

So when I run tshark I get each packet output to the command line, like this one:

98 5.300306453 142.250.179.136 → 10.0.2.15    TCP 60 443 → 54114 [ACK] Seq=1 Ack=1031 Win=65535 Len=0

And every time a UDP packet comes up I want to save it to an output file (with all the information). So indeed tap.packet() captures those packets, but what I want is to write them to an output file using the Lua script.

How do I do that?

1 Answer

answered 2022-05-13 16:43:21 +0000

Chuckc

sudo tshark .... look at giving your user the permissions it needs - Running Wireshark as You

tshark -q option will suppress the packet lines.

There are examples on the Wireshark wiki for dumping packets -
dumping to multiple files, Dump VoIP calls into separate files
Documentation for dumper in the WSDG.

Comments

Ty very much :)

linuxbegginer (2022-05-14 10:54:35 +0000)
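
One way to apply the answer's pointers, as an added example that is not part of the original thread: a tap script that writes each matching UDP packet to a pcap file with `Dumper` and appends a one-line text summary to a log. The output file names and the script name `udp_dump.lua` are placeholders, and the `Dumper.new_for_current(path)` call form is an assumption to check against the Dumper documentation in the WSDG for your Wireshark version.

```lua
-- Added example, not code from the original thread.
-- HOST is the address from the question; both paths are placeholders.
local HOST      = "10.0.2.15"
local PCAP_PATH = "udp_matches.pcap"   -- full packets, reopenable in Wireshark
local LOG_PATH  = "udp_matches.txt"    -- one summary line per packet

local packets = 0
local dumper                            -- created lazily inside tap.packet()

-- Open the log once and keep it open for the life of the script.
-- Closing it right after registering the listener would leave
-- tap.packet() with nothing to write to.
local log = assert(io.open(LOG_PATH, "a"))

-- nil selects the default "frame" tap; the display filter limits the
-- callbacks to UDP packets to or from HOST.
local tap = Listener.new(nil, "ip.addr == " .. HOST .. " && udp")

function tap.reset()
    packets = 0
end

function tap.packet(pinfo, tvb)
    packets = packets + 1

    -- The dumper takes its link-layer encapsulation from the current
    -- packet, so it can only be created inside a tap or dissector callback.
    if not dumper then
        dumper = Dumper.new_for_current(PCAP_PATH)
    end
    dumper:dump_current()   -- write the whole frame as captured
    dumper:flush()

    -- Text summary built from pinfo fields.
    log:write(string.format("%d %.9f %s:%d -> %s:%d len=%d\n",
        pinfo.number, pinfo.rel_ts,
        tostring(pinfo.src), pinfo.src_port,
        tostring(pinfo.dst), pinfo.dst_port,
        pinfo.len))
    log:flush()             -- flushed per packet, so nothing is lost at exit
end

function tap.draw()
    print("Packets to/from " .. HOST, packets)
end
```

Run it as `tshark -q -X lua_script:udp_dump.lua -c 100`, where `-q` suppresses the per-packet lines as the answer notes. Both output files are created with the ownership of the user running tshark, so a run under `sudo` leaves them root-owned.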
