This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to enable LUA in wireshark ?

0
1

This question is for Linux Centos Platform. I am doing a project in which Wireshark Traffic is to to be exported to a .pcap file and later used for further analysis. This Export is to be automatic that is programmatic. I found out that Wireshark process can be automated with LUA scripting Hence i download Wireshark but in the HELP or can say About Tab it displayed "Without LUA" so I am stuck up. I have searched a lot for a version of wireshark that supports LUA but no success. Can anyone put some light on this ?

There are basically 2 Problems ?

1.How to get a version of Wireshark with LUA ? Does it come bundled together ? OR I have to add it manually ? How to do so ?

2.Can Wireshark work on any other Language which can be used to automate entire wireshark Process ? I read tshark [command line version of wireshark] is the option but could not find any resources on it . Any help would be very useful.

asked 09 Feb '14, 00:33

Ashish%20M's gravatar image

Ashish M
11122
accept rate: 0%

How did you install it? Did you download the source and compile, or use Yum, or what? From source code (and possibly RPMs) Lua is only compiled in with a configure flag, as far as I know. On pre-built packaged Mac OS-X and Windows packages it's built in.

(10 Feb '14, 00:36) Hadriel

I found out that Wireshark process can be automated with LUA scripting

can you please add some information about the nature of the automation you need?

(10 Feb '14, 05:29) Kurt Knochner ♦

One Answer:

3

You said "traffic is to be exported to a .pcap file" and "export is to be automatic". Depending on how you mean those things, you may not need Lua, although Lua can export packets to pcap files. But if all you need is to start wireshark, capture traffic, and have it be saved to a pcap file... then use tshark instead. Tshark is the command-line version of wireshark. If you installed wireshark, then you have tshark as well. One of tshark's command-line options ('-w <outfile>') makes it write to a pcap file. So you can do all this "automating" with a shell script or alias.

answered 10 Feb '14, 00:41

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%

Another option, if you can manage with only capture filters, is to use dumpcap that also comes along with Wireshark to make the captures and write them to a pcap file.

Dumpcap is a much lighter weight process to run for extended periods instead of tshark or wireshark.

(10 Feb '14, 02:59) grahamb ♦