On Thu, Mar 16, 2017 at 08:45:34PM +0000, Kunal Thakrar wrote:
> Hi Peter,
>
> So if using the Lua API, if I put a script which primes the fields I
> am interested in within the plugins folder I will be able to access
> information such as the IP addresses (to see which TCP connection it
> was part of) and any information about the HTTP packets (obviously if
> it was, in fact, part of a TCP connection).

Yes, here you can find some examples of doing this in Lua:

https://github.com/Lekensteyn/lglaf/blob/master/lglaf.lua
https://git.lekensteyn.nl/peter/wireshark-notes/tree/lua/r8152.lua

See "usb_transfer_type". Note that the number of returned values may be
larger than 1. In case you want to access all addresses, you could try
something like:

    local ip_addr = Field.new("ip.addr")
    local my_proto = Proto.new("my_proto", "My Proto")
    function my_proto.dissector(tvb, pinfo, tree)
        -- Note: Lua language feature: if ip_addr returns more than 1
        -- item, using it as last element of the array results in
        -- appending all returned values to this array
        local fields = { ip_addr() }
        -- ...
    end
    register_postdissector(my_proto)

Alternatively, use ip.src and ip.dst for specific addresses (but note
that in case of tunneled traffic you may still have multiple
occurrences).
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
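
A fuller post-dissector along the lines discussed in this thread, as an added example that is not part of the original message or of Peter Wu's scripts. The protocol name "flowinfo" and its flowinfo.* fields are hypothetical; ip.src, ip.dst, tcp.stream, http.host and http.request.uri are standard Wireshark fields.

```lua
-- Added example: place in the Wireshark plugins folder.
-- "flowinfo" and its field names are hypothetical, chosen for illustration.

-- Field extractors must be created at load time, outside the dissector;
-- creating them "primes" the fields so they are available on every packet.
local f_ip_src    = Field.new("ip.src")
local f_ip_dst    = Field.new("ip.dst")
local f_tcp_strm  = Field.new("tcp.stream")
local f_http_host = Field.new("http.host")
local f_http_uri  = Field.new("http.request.uri")

local flowinfo  = Proto("flowinfo", "Flow Info (example)")
local pf_pair   = ProtoField.string("flowinfo.ip_pair", "IP pair")
local pf_stream = ProtoField.uint32("flowinfo.tcp_stream", "TCP stream")
local pf_url    = ProtoField.string("flowinfo.http_url", "HTTP URL")
flowinfo.fields = { pf_pair, pf_stream, pf_url }

function flowinfo.dissector(tvb, pinfo, tree)
    -- Each extractor returns zero or more FieldInfo values; wrapping the
    -- call in a table constructor captures all of them.
    local srcs = { f_ip_src() }
    local dsts = { f_ip_dst() }
    if #srcs == 0 then return end      -- no IPv4 layer in this packet

    local subtree = tree:add(flowinfo, "Flow Info (example)")

    -- Tunneled traffic carries one src/dst pair per IP header, so list
    -- every pair instead of assuming a single one.
    for i = 1, math.min(#srcs, #dsts) do
        subtree:add(pf_pair, tostring(srcs[i]) .. " -> " .. tostring(dsts[i]))
    end

    -- tcp.stream identifies which TCP connection the packet belongs to.
    local stream = f_tcp_strm()
    if stream then subtree:add(pf_stream, stream.value) end

    -- HTTP fields are only present on packets the HTTP dissector handled.
    local host, uri = f_http_host(), f_http_uri()
    if host and uri then
        subtree:add(pf_url, tostring(host) .. tostring(uri))
    end
end

register_postdissector(flowinfo)
```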
