This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

This question is for the Linux CentOS platform. I am doing a project in which Wireshark traffic is to be exported to a .pcap file and later used for further analysis. This export is to be automatic, that is, programmatic. I found out that the Wireshark process can be automated with Lua scripting, hence I downloaded Wireshark, but in the Help (or rather About) tab it displayed "Without LUA", so I am stuck. I have searched a lot for a version of Wireshark that supports Lua but with no success. Can anyone shed some light on this?

There are basically 2 problems:

1. How to get a version of Wireshark with Lua? Does it come bundled together, or do I have to add it manually? How to do so?

2. Can Wireshark work with any other language which can be used to automate the entire Wireshark process? I read that tshark [command line version of Wireshark] is the option but could not find any resources on it. Any help would be very useful.

asked 09 Feb '14, 00:33

Ashish M

How did you install it? Did you download the source and compile, or use Yum, or what? From source code (and possibly RPMs) Lua is only compiled in with a configure flag, as far as I know. On pre-built packaged Mac OS-X and Windows packages it's built in.

(10 Feb '14, 00:36) Hadriel

"I found out that Wireshark process can be automated with LUA scripting"

Can you please add some information about the nature of the automation you need?

(10 Feb '14, 05:29) Kurt Knochner ♦

You said "traffic is to be exported to a .pcap file" and "export is to be automatic". Depending on how you mean those things, you may not need Lua, although Lua can export packets to pcap files. But if all you need is to start wireshark, capture traffic, and have it be saved to a pcap file... then use tshark instead. Tshark is the command-line version of wireshark. If you installed wireshark, then you have tshark as well. One of tshark's command-line options ('-w <outfile>') makes it write to a pcap file. So you can do all this "automating" with a shell script or alias.

answered 10 Feb '14, 00:41

Hadriel

Another option, if you can manage with only capture filters, is to use dumpcap that also comes along with Wireshark to make the captures and write them to a pcap file.

Dumpcap is a much lighter weight process to run for extended periods instead of tshark or wireshark.

(10 Feb '14, 02:59) grahamb ♦
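
The shell-script approach from the answer and the dumpcap suggestion from the comment, combined as an added example that is not part of the original posts. The interface name, output directory, duration and the `DRY_RUN` switch are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: unattended capture to a pcap file without Lua.
# Assumed values (not from the thread): interface, directory, duration.
IFACE="${IFACE:-eth0}"
OUTDIR="${OUTDIR:-/var/tmp/captures}"
DURATION="${DURATION:-300}"   # seconds before the capture stops by itself
FILTER="${FILTER:-}"          # optional capture filter, e.g. "tcp port 443"

# Prefer dumpcap (lighter for long runs); fall back to tshark.
pick_tool() {
    if command -v dumpcap >/dev/null 2>&1; then
        echo dumpcap
    elif command -v tshark >/dev/null 2>&1; then
        echo tshark
    else
        return 1
    fi
}

# Build the command line; -i, -w, -a and -f mean the same in both tools.
# With DRY_RUN set, print one argument per line instead of capturing.
capture_cmd() {
    tool="$1"; outfile="$2"
    set -- "$tool" -i "$IFACE" -w "$outfile" -a "duration:$DURATION"
    if [ -n "$FILTER" ]; then
        set -- "$@" -f "$FILTER"
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"
    else
        "$@"
    fi
}

run_capture() {
    tool="$(pick_tool)" || { echo "neither dumpcap nor tshark found" >&2; return 1; }
    umask 077   # captures can contain credentials and payloads: owner-only files
    mkdir -p "$OUTDIR" || return 1
    outfile="$OUTDIR/capture-$(date +%Y%m%d-%H%M%S).pcap"
    capture_cmd "$tool" "$outfile" && echo "$outfile"
}

# Capture only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_capture
fi
```

Saved under a name of your choice and started with `--run` from cron or a service unit, it writes one timestamped pcap per run; the account it runs under must be allowed to capture on the interface.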
question asked: 09 Feb '14, 00:33

question was seen: 3,429 times

last updated: 10 Feb '14, 05:29
