This is a static archive of our old Q&A Site. Please post any new questions and answers at

Lua callbacks and “Packet size limited during capture”


I compare tshark performances with tsv output with Lua script vs "-T fields" output on HTTP packets. (Disclaimer: Lua is 2x faster!)

I have some differences in output, some HTTP packets are missing in Lua's output. When I digged in, I realized that they concern truncated packets during capture that seem to not match my"http")

It seems that if a packet is truncated, in the middle of HTTP for ex, and the dissector can not be fully applied, then Lua's callback on http.packet() is not called.

But my truncated HTTP is well displayed in Wireshark and tshark with "-T fields"

Can someone confirm me this behavior with Lua listeners? Is there a workaround?

asked 16 Dec '15, 01:52

TomLaBaude's gravatar image

accept rate: 66%