This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark will look for plugins at /usr/share/wireshark/plugins, according to the list of plugin directories at: B.2. Configuration Files and Folders

But that doesn't seem the case here, tested in Arch Linux and Ubuntu 14.04 with a LUA dissector. Adding the LUA dissector in the binary plugins dir (e.g. /usr/lib/wireshark/plugins/1.12.3 in my arch linux setup) works, though...

Any idea? What's the best way to provide custom LUA dissectors for wireshark in other packages?

asked 10 Feb '15, 05:16

aleksander0m's gravatar image

aleksander0m
6112
accept rate: 0%


Wireshark will look for plugins at /usr/share/wireshark/plugins

The paths might be different on your system due to different compile time options for different Linux distributions. You will see the paths for your system in the Wireshark GUI.

Help -> About ... -> Folders

With that information, please read the answer to the following question:

https://ask.wireshark.org/questions/8328/order-of-entries-in-dissector-tables-at-startup-and-lua

That should help to answer your question for your system.

Any idea? What's the best way to provide custom LUA dissectors for wireshark in other packages?

Well, that depends how you want to distribute your Lua dissector. The most "consistent" way would be to provide an installation package (rpm, dpkg, etc.) for your traget dsitributions, including everything: Wireshark, tshark, your Lua code, etc. However that's going to create a lot of work if you want to make your Lua code available on a lot of platforms. So the best way depends totally on your requirements ;-)

Regards
Kurt

permanent link

answered 10 Feb '15, 05:49

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Yeah, I cannot see the /usr/share/wireshark/plugins path in Help->About->Folders. But I also don't see anything specific in either the Arch or Ubuntu builds that would disable that, so I'm going to just assume that the Wireshark doc is outdated.

Regarding the distribution of the dissector; why would I want to fully repackage Wireshark just for 1 LUA file? I'll just package it to get installed in the plugins dir with its own package (as it is just a custom protocol dissector anyway).

(10 Feb '15, 07:22) aleksander0m

As I said. The best way depends on your requirements, so do it the way you need it.

(10 Feb '15, 07:53) Kurt Knochner ♦

I think the best way to distribute a Lua script is to have your users put the script into their Personal Plugins folder. The directory for this is not necessarily the same for all platforms everywhere - it's whatever is listed in Help -> About Wireshark -> Folders -> Personal Plugins. It's usually $HOME/.wireshark/plugins, but really it's safer to just have the user look at the Help info to figure it out.

permanent link

answered 12 Feb '15, 10:52

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×637
×431
×173

question asked: 10 Feb '15, 05:16

question was seen: 21,302 times

last updated: 12 Feb '15, 10:52

p​o​w​e​r​e​d by O​S​Q​A