Ask Your Question


asked 2019-06-19 13:08:42 +0000

Harvey gravatar image

My lua script works more or less. Now, I want to use it to write some of the extracted data to a XML file. I want to use the same script file, so I decided to test if there is argument send to the script.

  1. If yes, this means the script is called from command line with tshark, and then I can write specific data.
  2. If no, this means it is call from Wireshark so I wiil not record XML file this time.

My problem is that when I call from command line with :

tshark -r test_210.pcapng -Y tgip -q > test.txt -X lua_script1:arg1 -X lua_script2:arg2

The arguments are not seen by the script, I suppose it is because I don't use -X option. With :

tshark -r test_210.pcapng -X lua_script:Gip.lua -Q  -X lua_script1:arg1 -X lua_script2:arg2

I have an error : Gip.lua:34: bad argument #2 to 'Proto' (Proto_new: there cannot be two protocols with the same description) I suppose it is because the script is all ready loaded, and I call it again with -X.

Do you any idea to solve this ?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2019-06-19 13:24:58 +0000

grahamb gravatar image

updated 2019-06-19 13:27:43 +0000

tshark -r test_210.pcapng -X lua_script:Gip.lua -Q -X lua_script1:arg1 -X lua_script2:arg2

I don't think this follows the rules for passing arguments to a lua script. From the tshark man page:

lua_script:lua_script_filename tells TShark to load the given script in addition to the default Lua scripts.

lua_scriptnum:argument tells TShark to pass the given argument to the lua script identified by 'num', which is the number indexed order of the 'lua_script' command. For example, if only one script was loaded with '-X lua_script:my.lua', then '-X lua_script1:foo' will pass the string 'foo' to the 'my.lua' script. If two scripts were loaded, such as '-X lua_script:my.lua' and '-X lua_script:other.lua' in that order, then a '-X lua_script2:bar' would pass the string 'bar' to the second lua script, namely 'other.lua'.

So you have one script file, loaded with with -X:lua_script:Gip.lua, this is script number 1 and both arguments should be in the form of -X lua_script1:argxxx.

There is however simpler method of determining if the script is being run with Wireshark or not, gui_enabled().

edit flag offensive delete link more


  • Thanks a lot , I had misread the documentation. Your comment on lua_script1 is interresting and relevant.
    • Sure gui_enabled() is much more simpler.I do not know .
Harvey gravatar imageHarvey ( 2019-06-19 13:37:48 +0000 )edit

If an answer has solved your issue, for the benefit of others with the same question, please accept it by clicking the checkmark icon to the left.

There is a lot of great information in the Wireshark Lua API documentation.

grahamb gravatar imagegrahamb ( 2019-06-19 13:41:41 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2019-06-19 13:08:42 +0000

Seen: 409 times

Last updated: Jun 19 '19