I am new to Wireshark and Lua scripting. I did some research and found that "Wireshark contains a LUA language interpreter. LUA scripts that execute on this interpreter can control Wireshark". I want to make an application to control Wireshark. When I give the command "start capture" in my application, it should start capturing, and the same goes for filtering protocols. Is it possible to do that? If possible, can you give some example of how I can do it?
asked 25 Feb '14, 00:05
Amrit: I'm not sure how you mean that question. You said "I want to make an application to control wireshark. When i give command "start capture" in my application it should start capturing and same goes with filtering protocol." You don't need Wireshark to capture and filter - you can use dumpcap instead, for example.
Lua is used for writing scripts inside Wireshark and tshark, to affect wireshark/tshark's behavior, but Lua doesn't "drive" the wireshark application - instead, wireshark invokes Lua when certain things happen. Think of it more like a plugin language inside wireshark/tshark than a shell script outside of wireshark/tshark. Lua can control wireshark/tshark in many ways, but not to start/stop capturing as far as I know. That could be added, but I don't understand any use-case for such a thing. Can you explain further what you want to do?
answered 25 Feb '14, 07:21
For myself personally, a colleague and I are hoping to release a light-weight open source tool that provides a top-down view on network data. It has already been written, tested and used in anger by others at the company where we work. It analyses pcap data, then provides statistics on a list of IP conversations between hosts, allowing you to drill down into details about the TCP connections for each conversation. Then from TCP connections it can drill down into the individual packet data, where it currently hooks into a prototype-dev version of Wireshark (by changing the filters on the GUI). It also provides the ability to script your own data classifications to help identify specific network conditions quickly. Our aim is to release it to the open source community within the next few weeks/months.
In my opinion I would rather connect to a Wireshark remote control API than use a bespoke version or re-create the wheel.
I think a "GUI remote control" would only need to support "Change GUI Filter" and "Remove GUI Filter", although it has a lot more potential too. I have implemented these controls in our prototype-dev version of Wireshark.
Any help you can offer would be appreciated.
answered 25 Feb '14, 00:42
edited 25 Feb '14, 01:39
Guy Harris ♦♦
Just start Wireshark with the appropriate command-line options in your application. See the Wireshark man page.
answered 25 Feb '14, 08:41
Kurt Knochner ♦
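As an added illustration of Kurt's answer (not code from the thread), the two commands the question asks for, "start capture" and "filter protocol", driven from an outside program purely through Wireshark's own command-line options. It assumes `dumpcap` and `wireshark` are on PATH and uses only documented flags (`-i`, `-k`, `-f`, `-a duration:N`, `-w`, `-r`, `-Y`); `WS_DRY_RUN` is a hypothetical switch added here so the commands can be inspected without running them.

```sh
#!/bin/sh
# Added example: control Wireshark from a calling application without Lua,
# by composing command lines. WS_DRY_RUN=1 prints the command instead of
# executing it (hypothetical helper for inspection/testing, not a Wireshark flag).
WS_DRY_RUN=${WS_DRY_RUN:-0}

run_or_print() {
    if [ "$WS_DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# "start capture" in the GUI: -i selects the interface, -k starts capturing
# immediately, -f applies a BPF capture filter so only matching traffic is kept.
live_capture_gui() {
    iface=$1; capfilter=$2
    run_or_print wireshark -i "$iface" -k -f "$capfilter"
}

# "start capture" headless: dumpcap is the capture engine Wireshark itself
# uses; -a duration:N makes it stop on its own, so the caller never has to
# kill the process, and -w writes the result to a file for later analysis.
start_capture() {
    iface=$1; secs=$2; capfilter=$3; outfile=$4
    run_or_print dumpcap -i "$iface" -a "duration:$secs" -f "$capfilter" -w "$outfile"
}

# "filter protocol": -r reads the capture file and -Y applies a display
# filter, so the GUI opens already filtered (the "Change GUI Filter" the
# second poster wants). Relaunch with a new -Y to change the filter.
show_filtered() {
    file=$1; dfilter=$2
    run_or_print wireshark -r "$file" -Y "$dfilter"
}
```

A controlling application would call `start_capture`, wait for dumpcap to exit, then call `show_filtered` with whatever display filter the user picked.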