Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- -- ############################################################################
- -- Continuing our Dissector example at [1], let's say we wanted to print the value
- -- of `foo.str` for packets whose `foo.num` field is >= sqrt(5) (I picked a
- -- condition that couldn't already be achieved with display filters).
- --
- -- This Wireshark Lua script implements a listener for this purpose.
- --
- -- [1]: http://pastebin.com/8j0LhVTQ
- -- ############################################################################
- -- 1. Declare the tap with the `Listener()` function
- local tap = Listener.new(nil, 'foo')
- -- 2. Declare field extractors to pull values of named fields from the current packet
- local f_str = Field.new('foo.str')
- local f_num = Field.new('foo.num')
- -- 3. Declare the tap's packet function
- function tap.packet(pinfo, buf)
- -- check if at least one instance of foo.num is >= sqrt(5)
- local gt_sqrt5 = false
- for _,v in ipairs({ f_num() }) do
- if v >= math.sqrt(5) then
- gt_sqrt5 = true
- break
- end
- end
- if gt_sqrt5 then
- -- print all instances of foo.str from the current packet
- for _,v in ipairs({ f_str() }) do
- print(pinfo.number, 'foo.str', v)
- end
- end
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement