http://wiki.wireshark.org/Lua
Br,
Lars
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of David
> Sent: mardi 5 février 2008 11:20
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] Wireshark scripting?
>
> Has any thought ever been given to giving Wireshark a
> scripting engine? I'm not fussed what language, Python or
> similar would be nice. This could make it much easier to do
> custom things with packets or streams.
>
> As I see it, Wireshark currently has some excellent features such as:
>
> - fairly reliable stream reassembly
> - excellent protocol decoding
> - a command-line equivalent that has all the same features
> - standard pcap filtering but also display filtering with
> access to protocol fields
>
> From a scripting engine, the following sorts of things would
> be useful and allow Wireshark to undertake a whole variety of
> extra tasks:
>
> - per packet or per stream inspection
> - access to the raw packet data at a certain level (e.g.
> Ethernet->IP->TCP->data) to save it/inspect it
> - access to headers of certain protocols to rewrite them, e.g.
> changing MAC addresses or vlan headers
> - access to the decoded protocol fields, e.g.
> TCP->data->http.request.uri
>
> Many of the current statistics scripts could be rewritten
> using it, which might suffer a speed penalty but would allow
> a lot of customisation.
>
> There are plenty of tools to do some of these things but many
> of them struggle with anything other than pcap (or can only
> capture from the network), cannot handle frames with extra
> headers such as vlan, will only process ethernet etc.
>
> David
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>