Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2022-07-06 02:01:52 +0000

leelli gravatar image

Is there any difference in the way tshark and wireshark execute lua?

I want to print some needed logs through lua, the code is as follows.

The results I get when I allow it with tshark are correct.

When I open redis.pcap with wireshark I get a result that is repeated many times.

I would like to understand the reason for this difference and how should I modify my code for wireshark to work correctly

thank you very much

~~~~~~ windows tshark : tshark -X lua_Script:hello.lu -r redis.pcap

lu.log:

2 0.000299000

3 0.000019000

5 0.000442000

~~~~~~~~~

wireshark lu.log:

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

~~~~~~

 T_gre_proto = Proto("test_pro","Test ")    
      tcp_ack = Field.new("tcp.analysis.ack_rtt")
      frame_num = Field.new("frame.number")
      file = io.open("C:\\Program Files\\Wireshark\\lu.log", 'w')

 function T_gre_proto.dissector(buffer,pinfo,tree)
     if tcp_ack() then
      frame_v = frame_num().value
      ttcp_v = tcp_ack().value

       file:write(string.format("%s %s\n",frame_v,ttcp_v) )

       file:flush()  

      end

  end

  register_postdissector(T_gre_proto)

Is there any difference in the way tshark and wireshark execute lua?

I want to print some needed logs through lua, the code is as follows.

The results I get result obtained when I allow it with tshark are executes is correct.

When I open redis.pcap with wireshark I get a result that is repeated many times.

I would like to understand the reason for this difference and how should I modify my code for wireshark to work correctly

thank you very much

~~~~~~ windows tshark : tshark -X lua_Script:hello.lu -r redis.pcap

lu.log:

2 0.000299000

3 0.000019000

5 0.000442000

~~~~~~~~~

wireshark lu.log:

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

~~~~~~

 T_gre_proto = Proto("test_pro","Test ")    
      tcp_ack = Field.new("tcp.analysis.ack_rtt")
      frame_num = Field.new("frame.number")
      file = io.open("C:\\Program Files\\Wireshark\\lu.log", 'w')

 function T_gre_proto.dissector(buffer,pinfo,tree)
     if tcp_ack() then
      frame_v = frame_num().value
      ttcp_v = tcp_ack().value

       file:write(string.format("%s %s\n",frame_v,ttcp_v) )

       file:flush()  

      end

  end

  register_postdissector(T_gre_proto)
click to hide/show revision 3
None

updated 2022-07-06 09:31:15 +0000

grahamb gravatar image

Is there any difference in the way tshark and wireshark execute lua?

I want to print some needed logs through lua, the code is as follows.

The result obtained when tshark executes is correct.

When I open redis.pcap with wireshark I get a result that is repeated many times.

I would like to understand the reason for this difference and how should I modify my code for wireshark to work correctly

thank you very much

~~~~~~ windows windows tshark : tshark -X lua_Script:hello.lu -r redis.pcap

lu.log:

2 0.000299000

3 0.000019000

5 0.000442000

~~~~~~~~~

2 0.000299000
3 0.000019000
5 0.000442000

wireshark lu.log:

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

~~~~~~

2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000

hello.lu:

 T_gre_proto = Proto("test_pro","Test ")    
      tcp_ack = Field.new("tcp.analysis.ack_rtt")
      frame_num = Field.new("frame.number")
      file = io.open("C:\\Program Files\\Wireshark\\lu.log", 'w')

 function T_gre_proto.dissector(buffer,pinfo,tree)
     if tcp_ack() then
      frame_v = frame_num().value
      ttcp_v = tcp_ack().value

       file:write(string.format("%s %s\n",frame_v,ttcp_v) )

       file:flush()  

      end

  end

  register_postdissector(T_gre_proto)

Is there any difference in the way tshark and wireshark execute lua?

I want to print some needed logs through lua, the code is as follows.

The result obtained when tshark executes is correct.

When I open redis.pcap with wireshark I get a result that is repeated many times.

I would like to understand the reason for this difference and how should I modify my code for wireshark to work correctly

thank you very much

windows tshark : tshark -X lua_Script:hello.lu -r redis.pcap

lu.log:

2 0.000299000
3 0.000019000
5 0.000442000

wireshark lu.log:

2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000

hello.lu:hello.lua:

 T_gre_proto = Proto("test_pro","Test ")    
      tcp_ack = Field.new("tcp.analysis.ack_rtt")
      frame_num = Field.new("frame.number")
      file = io.open("C:\\Program Files\\Wireshark\\lu.log", 'w')

 function T_gre_proto.dissector(buffer,pinfo,tree)
     if tcp_ack() then
      frame_v = frame_num().value
      ttcp_v = tcp_ack().value

       file:write(string.format("%s %s\n",frame_v,ttcp_v) )

       file:flush()  

      end

  end

  register_postdissector(T_gre_proto)
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2