Wireshark-users: Re: [Wireshark-users] Wireshark scripting?
From: "Lars Ruoff" <lars.ruoff@xxxxxxxxxxxxxxxxx>
Date: Tue, 5 Feb 2008 11:49:53 +0100
Rather start here:
http://www.wireshark.org/docs/wsug_html_chunked/wsluarm.html
 

> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx 
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Lars Ruoff
> Sent: Tuesday, 5 February 2008 11:41
> To: 'Community support list for Wireshark'
> Subject: Re: [Wireshark-users] Wireshark scripting?
> 
> 
> http://wiki.wireshark.org/Lua
> 
> Br,
> Lars
> 
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of David
> > Sent: Tuesday, 5 February 2008 11:20
> > To: wireshark-users@xxxxxxxxxxxxx
> > Subject: [Wireshark-users] Wireshark scripting?
> > 
> > Has any thought ever been given to giving Wireshark a scripting 
> > engine?  I'm not fussed what language, Python or similar would be 
> > nice.  This could make it much easier to do custom things with
> > packets or streams.
> > 
> > As I see it, Wireshark currently has some excellent features such as:
> > 
> > - fairly reliable stream reassembly
> > - excellent protocol decoding
> > - a command-line equivalent that has all the same features
> > - standard pcap filtering but also display filtering with access to 
> > protocol fields
> > 
> > From a scripting engine, the following sorts of things would be 
> > useful and allow Wireshark to undertake a whole variety of extra 
> > tasks:
> > 
> > - per packet or per stream inspection
> > - access to the raw packet data at a certain level (e.g.  
> > Ethernet->IP->TCP->data) to save it/inspect it
> > - access to headers of certain protocols to rewrite them, e.g.  
> > changing MAC addresses or vlan headers
> > - access to the decoded protocol fields, e.g. 
> > TCP->data->http.request.uri
> > 
> > Many of the current statistics scripts could be rewritten using it, 
> > which might suffer a speed penalty but would allow a lot of 
> > customisation.
> > 
> > There are plenty of tools to do some of these things but many of
> > them struggle with anything other than pcap (or can only capture
> > from the network), cannot handle frames with extra headers such as
> > vlan, will only process ethernet etc.
> > 
> > David
> > 
> > 
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-users
> > 
> 
>
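
As an added illustration (not part of the original thread and not code from the Wireshark project), here is a Lua tap of the kind the linked documentation describes, covering the per-packet inspection and decoded-field access (`http.request.uri`) asked about in the original question. It assumes a Wireshark/tshark build with Lua support; the script and capture file names are placeholders.

```lua
-- uri_tap.lua (hypothetical file name). Assumed invocation:
--   tshark -q -r capture.pcap -X lua_script:uri_tap.lua
-- capture.pcap is a placeholder for any capture file tshark can read.

-- Field extractors must be created when the script loads,
-- before any packet is dissected.
local f_uri  = Field.new("http.request.uri")
local f_host = Field.new("http.host")
local f_vlan = Field.new("vlan.id")

-- Listener on the default "frame" tap, limited by a display filter
-- to packets that carry an HTTP request.
local tap = Listener.new(nil, "http.request")

local counts = {}   -- "vlan / source / URL" string -> number of requests

-- Called once for every packet that matches the filter.
function tap.packet(pinfo, tvb)
    local uri = f_uri()                  -- first URI if the packet holds several
    if not uri then return end           -- no URI field in this packet
    local host = f_host()                -- nil when there is no Host header
    local vlan = f_vlan()                -- nil on untagged frames
    local key = string.format("vlan=%s src=%s http://%s%s",
        vlan and tostring(vlan.value) or "-",
        tostring(pinfo.src),
        host and tostring(host.value) or "?",
        tostring(uri.value))
    counts[key] = (counts[key] or 0) + 1
end

-- Called by tshark at the end of the capture file:
-- print the summary, most-requested first.
function tap.draw()
    local keys = {}
    for k in pairs(counts) do keys[#keys + 1] = k end
    table.sort(keys, function(a, b) return counts[a] > counts[b] end)
    for _, k in ipairs(keys) do
        print(string.format("%6d  %s", counts[k], k))
    end
end

-- Called when the capture is reloaded or re-filtered: start again.
function tap.reset()
    counts = {}
end
```

Because the fields come from Wireshark's own dissectors, the same script works on VLAN-tagged frames and on any capture format tshark can open.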