This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Mark packets with Lua

0

Hi,

I need to do a Lua script which has to highlight some issues in a very huge heap of packets. Does somebody know if it is possible through the Lua API and how?

I suspected the "frameinfo.flags" but the reference to wtap_preference_flags does not exist in init.lua. I know that this option exists because I can filter on packet marks using the filter "frame.marked".

Any help would be much appreciated. Thanks, Alex

asked 27 Jun '14, 06:04

format_c


One Answer:

0

There is no way currently to mark packets, as far as I know. It would need to be exposed in an enhancement, and would be done by being added to the Pinfo object rather than FrameInfo. It's a good request - please submit a bugzilla request for it.

The "FrameInfo.flags" are different, though similar - they represent info about the frame/packet in the capture file, not info about the frame in the GUI display window. There's an overlap of course, but it's not the same information. (internally they're different data structures)

If you don't see the "wtap_presence_flags" table in init.lua, then you're not running a new enough version of Wireshark. It only appeared starting in 1.11.3, so now it's 1.12.0rc2. But as mentioned above, it won't solve the problem for you as it doesn't control frame marking in the GUI.

answered 27 Jun '14, 10:04

Hadriel

Could the OP add expert info to the packets using Lua and then filter on that?

(27 Jun '14, 11:18) grahamb ♦

Sure, or a Lua-created protocol field too.

(27 Jun '14, 12:30) Hadriel
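
The workaround suggested in the comments (attach expert info or a Lua-created protocol field, then filter on it), written out as an added example that is not code from the thread. The protocol name `pktmark` and the "TCP RST seen" criterion are assumptions chosen for illustration, and `ProtoExpert` requires Wireshark 1.11.3 or later.

```lua
-- Added example (not from the thread): a post-dissector that tags packets
-- so they can be found with a display filter instead of a GUI mark.
-- "pktmark" and the TCP RST criterion are hypothetical; replace find_issue()
-- with whatever condition identifies the packets of interest.
local p_mark = Proto("pktmark", "Packet Mark (example)")

-- Lua-created protocol field, filterable as: pktmark.reason
local pf_reason = ProtoField.string("pktmark.reason", "Reason")
p_mark.fields = { pf_reason }

-- Expert info entry, filterable as: pktmark.flagged
-- It also shows up in Wireshark's expert info summary.
local ef_flagged = ProtoExpert.new("pktmark.flagged", "Packet flagged by Lua script",
                                   expert.group.PROTOCOL, expert.severity.WARN)
p_mark.experts = { ef_flagged }

-- Field extractors have to be created outside the dissector function.
local f_tcp_rst = Field.new("tcp.flags.reset")

-- Returns a reason string when the current packet should be flagged, else nil.
local function find_issue()
    local rst = f_tcp_rst()          -- nil when the packet has no TCP layer
    if rst and rst.value then
        return "TCP RST seen"
    end
    return nil
end

function p_mark.dissector(tvb, pinfo, tree)
    local reason = find_issue()
    if not reason then return end    -- unflagged packets get no pktmark tree

    local subtree = tree:add(p_mark)
    subtree:add(pf_reason, reason):set_generated()
    subtree:add_proto_expert_info(ef_flagged, reason)
end

-- Run after the regular dissectors so their fields are available.
register_postdissector(p_mark)
```

Load the script with `-X lua_script:<file>` or from the Lua plugins directory, then use `pktmark.reason` or `pktmark.flagged` as the display filter.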