This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Lua Listener - TCP flags

0

I've written a small Lua Listener.
I wish to visit every TCP packet received.
Here's how I declare the tap:

    local tap = Listener.new("tcp")

And here's how I try to take the flags state.

    if (tcp.flags) then

Within the tcp.packet method.
The code does not work as I expect it to work. I want to be able to grab the TCP flags state.

asked 07 Dec '11, 03:18


Trevor
41448
accept rate: 0%


One Answer:

2

First, you need to declare a Field that extracts tcp.flags from the current packet. Then, you call the Field object within tap.packet() to get the FieldInfo object that contains the value of the flags (as shown in the Lua below, tested in Wireshark 1.7.0).

    -- There are two arguments to `Listener.new`; you were missing
    -- the first arg in your question.
    local tap = Listener.new(nil, "tcp")

    -- Declare a Field to extract tcp.flags. This must be done
    -- outside of tap.packet.
    local f_flags = Field.new("tcp.flags")

    -- Packet handler
    function tap.packet(pinfo, buf)
        -- When called, the f_flags field extracts tcp.flags from
        -- the current packet and returns a FieldInfo object.
        local f = f_flags()
        if f then
            print(string.format("tcp.flags = %#x", f.value))
        end
    end

answered 07 Dec '11, 04:40


helloworld
3.1k42041
accept rate: 28%

Wow - you really gave a lot - beyond the obvious immediate solution. I just did not know how to properly work with Lua scripting in WS. Many many thanks Helloworld :) !

(07 Dec '11, 05:58) Trevor
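Building on the answer above, the following is an added example, not part of the original thread: it decodes the numeric `tcp.flags` value into flag names and tallies flag combinations, plus SYN-without-ACK packets per source address. The names `FLAG_BITS`, `has_bit` and `flag_names` are hypothetical helpers; the script assumes it is loaded with `tshark -X lua_script:<file> -r <capture>`, and outside Wireshark it falls back to decoding a few constructed values.

```lua
-- Added example (not from the original thread): name the bits in tcp.flags.
-- Only the eight classic flag bits are named; higher bits are ignored.
local FLAG_BITS = {
  {0x01, "FIN"}, {0x02, "SYN"}, {0x04, "RST"}, {0x08, "PSH"},
  {0x10, "ACK"}, {0x20, "URG"}, {0x40, "ECE"}, {0x80, "CWR"},
}

-- Test a bit with plain arithmetic so no bit library is required.
local function has_bit(value, mask)
  return math.floor(value / mask) % 2 == 1
end

-- Hypothetical helper: 0x12 -> "SYN,ACK"
local function flag_names(value)
  local names = {}
  for _, entry in ipairs(FLAG_BITS) do
    if has_bit(value, entry[1]) then names[#names + 1] = entry[2] end
  end
  return #names > 0 and table.concat(names, ",") or "none"
end

if Listener then
  -- Inside Wireshark/tshark: tally flag combinations seen in the capture.
  local tap = Listener.new(nil, "tcp")
  local f_flags = Field.new("tcp.flags")   -- declared outside tap.packet
  local combos, syn_only = {}, {}

  function tap.packet(pinfo, buf)
    local f = f_flags()
    if not f then return end
    local v = f.value
    local key = flag_names(v)
    combos[key] = (combos[key] or 0) + 1
    -- SYN without ACK is a connection attempt; count these per source.
    if has_bit(v, 0x02) and not has_bit(v, 0x10) then
      local src = tostring(pinfo.src)
      syn_only[src] = (syn_only[src] or 0) + 1
    end
  end

  function tap.draw()
    for k, n in pairs(combos) do print(string.format("%-20s %d", k, n)) end
    for s, n in pairs(syn_only) do print(string.format("SYN-only from %s: %d", s, n)) end
  end

  function tap.reset() combos, syn_only = {}, {} end
else
  -- Plain Lua: constructed sample values, not taken from a capture.
  for _, v in ipairs({0x002, 0x012, 0x014, 0x019}) do
    print(string.format("%#05x  %s", v, flag_names(v)))
  end
end
```

A source with a high SYN-only count and few completed handshakes is worth a closer look as possible scanning or a connectivity fault.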