Hi,

I started to use MATE to link packets to each other in Wireshark/Tshark and do some analysis on the set. I was able to get some things working already and I think it is a great plugin. I do have some questions though. When I look at the information on the Wiki I am a bit confused by the two syntax formats.

The first format is like:

    Pdu dns_pdu Proto dns Transport ip {
        Extract addr From ip.addr;
        Extract dns_id From dns.id;
        Extract dns_resp From dns.flags.response;
    };

The second format is like:

    Action=Transform; Name=start_cond; attr1=aaa; attr2=bbb; .msg_type=start;
    Action=Transform; Name=start_cond; attr3=www; attr2=bbb; .msg_type=start;
    Action=Transform; Name=start_cond; attr5^a; .msg_type=stop
    Action=Transform; Name=start_cond; attr6$z; .msg_type=stop;
    Action=PduDef; Name=pdu; ...
    Action=PduTransform; For=pdu; Name=start_cond;
    Action=GopDef; Name=gop; ...
    Action=GopStart; For=gop; msg_type=start;
    Action=GopStart; For=gop; msg_type=stop;

At this time I find the first format much clearer, but most of the examples use the second format. Are the two totally interchangeable? If so, how should I translate one to the other? Any general rules on that? If not, which of the two is the "richest"? Is one just a replacement for the other?

Another question is how MATE and LUA relate to each other. I know LUA is far more extensive in its possibilities, but is it also possible to easily write LUA scripts for the things MATE is good at? I.e., would learning to write LUA scripts make learning to write MATE scripts obsolete?

Cheers,
Sake

_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users