Wireshark-users: Re: [Wireshark-users] 2 questions

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxx>
Date: Fri, 9 Feb 2024 17:36:29 +0000
> -----Original Message-----
> From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On
> Behalf Of Maynard, Chris via Wireshark-users
> Sent: Tuesday, February 6, 2024 12:21 PM
> To: 'Community support list for Wireshark' <wireshark-
> users@xxxxxxxxxxxxx>
> Cc: Maynard, Chris <Christopher.Maynard@xxxxxxx>
> Subject: Re: [Wireshark-users] 2 questions
>
> > -----Original Message-----
> > From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On
> > Behalf Of Jean-Michel Collard
> > Sent: Saturday, December 30, 2023 9:37 PM
> > To: wireshark-users@xxxxxxxxxxxxx
> > Subject: [Wireshark-users] 2 questions
> >
> > When one right-clicks on a packet, there is no whois?
> Correct.

If you're looking for some basic whois integration into Wireshark, then *maybe* the attached Lua script would be useful to you? To try it out, save it to your Personal Lua Plugins directory, which you can find via "Help -> About Wireshark -> Folders -> Personal Lua Plugins". If the folder doesn't exist, then just create it. After that, restart Wireshark or just reload Lua Plugins via "Analyze -> Reload Lua Plugins", or by using the shortcut combo, Ctrl+Shift+L. Now you should have a new "Whois" entry under Tools. If you click on it, it should open up a new window where you can enter your query, which must be on the first line of the text window, and then click the "Whois" button to see the results. (Sample screenshot also attached.)

NOTE: I only tested this on Windows, and for whois to work, you need to either download the Whois tool from https://learn.microsoft.com/en-us/sysinternals/downloads/whois or download the entire Sysinternals Suite, which includes the Whois tool.  Once downloaded, extract the zip archive into a folder in your path so Wireshark can run it.

Of course you can just run whois from the command-line as well; this plugin just makes it *perhaps* a little easier to use by having it integrated into Wireshark?
- Chris
P.S. I included a companion nslookup Lua script as well, which works very similarly to the whois Lua script, in case that's also of any use to you.
P.P.S. If these scripts are of any value to others, I suppose I could upload them to https://wiki.wireshark.org/Contrib. Someone should probably test them on other platforms first, though, to be sure they work similarly to how they do on Windows.











Attachment: whois.png
Description: whois.png

Attachment: nslookup.png
Description: nslookup.png

Attachment: whois.lua
Description: whois.lua

Attachment: nslookup.lua
Description: nslookup.lua
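
One way to build a Tools -> Whois entry like the one this message describes, as an added example that is not the attached whois.lua. It assumes a `whois` executable is on the PATH; the function names and the allow-list applied to the query before it reaches the shell are assumptions of this example.

```lua
-- Added example, not the attached whois.lua.
-- Assumes a `whois` executable is on PATH, as the message describes for Windows.

-- Accept only characters that occur in hostnames, IPv4/IPv6 literals and
-- AS numbers, so the query cannot carry shell metacharacters into io.popen().
local function sanitize_query(text)
    local first = (text or ""):match("^[^\r\n]*") or ""   -- first line only
    local q = first:match("^%s*(.-)%s*$")                  -- trim whitespace
    if q == "" or #q > 253 then return nil end
    if not q:match("^[%w%.:%-]+$") then return nil end
    if q:sub(1, 1) == "-" then return nil end              -- must not parse as an option
    return q
end

-- Run whois and return its combined stdout/stderr as one string.
local function run_whois(query)
    local pipe, err = io.popen("whois " .. query .. " 2>&1", "r")
    if not pipe then return "Could not run whois: " .. tostring(err) end
    local out = pipe:read("*a")
    pipe:close()
    return out
end

-- Open an editable text window; the first line is the query.
local function whois_window()
    local win = TextWindow.new("Whois")
    win:set_editable(true)
    win:add_button("Whois", function()
        local query = sanitize_query(win:get_text())
        if not query then
            win:set("Enter one hostname, IP address or AS number on the first line.")
            return
        end
        win:set(query .. "\n\n" .. run_whois(query))
    end)
end

-- Only register the menu entry when running with a GUI (not under tshark).
if gui_enabled() then
    register_menu("Whois", whois_window, MENU_TOOLS_UNSPECIFIED)
end
```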