I would like to write a lua script which performs some analysis on an EtherCAT capture file capture by Wireshark. The protocol is EtherCAT and and EtherCAT frame can contain many datagrams which are represented as treenodes by the dissector. I would like to loop over treenodes (datagrams) to find a specific one.
I have tried to modify Hadriel's post-dissector example and I used it in tshark but the script breaks down at all_field_infos(). The "Treefields query:" is printed out but "... succeeded!" missing. What could be wrong?
How I use the script: tshark.exe -r ecat.pcapng -X lua_script:extarct.lua
-- calling tostring() on random FieldInfo's can cause an error, so this func handles it
local function getstring(finfo)
local ok, val = pcall(tostring, finfo)
if not ok then val = "(unknown)" end
return val
end
-- our fake protocol
local exproto = Proto.new("extract", "Data Extractor")
function exproto.dissector(tvbuf, pktinfo, tree)
print("")
print("Actual packet no: " .. pktinfo.number .. " Length: " .. pktinfo.len .. " bytes")
if tree == nil then
print("Tree is nil!")
else
print("Treefields query:")
local TreeFieldInfo = { all_field_infos() }
print("... succeeded!")
if TreeFieldInfo == nil then
print("Treefield info is nil!")
else
-- Processing fields to find a datagram and aquire data from it.
for ix, finfo in ipairs(TreeFieldInfo) do
print("\t[" .. ix .. "] " .. finfo.name .. " = " .. getstring(finfo) .. "\n")
end
end
end
end
-- register it as a postdissector, and force all fields to be generated
register_postdissector(exproto, true)