This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What is a tap, and how do I use one with the Lua interface?

0

I want to understand what is meant by "tap" in Lua API. Specifically, I would like clarification on the following:

  • How I can use a tap and what are the benefits?
  • What is resetting a tap?
  • What is removing a tap?
  • What information is lost when the tap is reset or removed?
  • When is the information lost when the reset and remove functions are called?
  • What is the difference between these two functions?

asked 02 Feb '12, 04:26

Leena's gravatar image

Leena
51171821
accept rate: 0%

edited 02 Feb '12, 18:26

helloworld's gravatar image

helloworld
3.1k42041

1

Have you read README.tapping for some insights? It's C oriented, but talks about taps.

(02 Feb '12, 05:18) Jaap ♦

One Answer:

1

As Jaap pointed out, the README is a great resource in understanding taps. The Wireshark User Manual also includes a page on taps (aka "Listener") (but it's sadly sparse and actually outdated).

What is resetting a tap?

listener.reset() is an interface function (or a callback) that Wireshark automatically calls as a notification to reset any state for the tap (e.g., counters). It's called on opening (and closing) a capture file or by the Refresh Button in Wireshark. If you don't maintain state, you don't need to implement this.

What is removing a tap?

listener.remove() unregisters the tap thereby ending any subsequent calls to listener.packet(), listener.reset(), and listener.draw(). Why call it? Think of this as turning off the light when you leave the room. It's an important step to conserve resources in Wireshark.

What information is lost when the tap is reset or removed?

Short answer: "none"

By "information", I assume you mean some kind of state variable. No information is maintained by the tap. State variables would have to be declared outside of the tap. Therefore, destroying the tap has no effect on the state.

When is the information lost when the reset and remove functions are called?

N/A (see previous answer)

What is the difference between these two functions?

See above

answered 02 Feb '12, 18:25

helloworld's gravatar image

helloworld
3.1k42041
accept rate: 28%