Chapter 11. Wireshark’s Lua API Reference Manual
This part of the User Guide describes the Wireshark-specific functions in the embedded Lua.
Classes group certain functionality. The following notational conventions are used:
- Class.function() represents a class method (named function) on class Class, taking no arguments.
- Class.function(a) represents a class method taking one argument.
- Class.function(…) represents a class method taking a variable number of arguments.
- class:method() represents an instance method (named method) on an instance of class Class, taking no arguments. Note the lowercase notation in the documentation to clarify an instance.
- class.prop represents a property prop on the instance of class Class.
Trying to access a non-existing property, function or method currently gives an
error, but do not rely on it as the behavior may change in the future.
11.1. Saving capture files
The classes/functions defined in this module are for using a Dumper object to make Wireshark save a capture file to disk. Dumper represents Wireshark’s built-in file format writers (see the wtap_filetypes table in init.lua).
To have a Lua script create its own file format writer, see the chapter titled
"Custom file format reading/writing".
11.1.1.1. Dumper.new(filename, [filetype], [encap])
Creates a file to write packets.
Dumper:new_for_current() will probably be a better choice.
Arguments
- filename
-
The name of the capture file to be created.
- filetype (optional)
-
The type of the file to be created - a number entry from the wtap_filetypes table in init.lua.
- encap (optional)
-
The encapsulation to be used in the file to be created - a number entry from the wtap_encaps table in init.lua.
Returns
The newly created Dumper object
Closes a dumper.
Errors
- Cannot operate on a closed dumper
Writes all unsaved data of a dumper to the disk.
11.1.1.4. dumper:dump(timestamp, pseudoheader, bytearray)
Dumps an arbitrary packet.
Note: Dumper:dump_current() will fit best in most cases.
Arguments
- timestamp
-
The absolute timestamp the packet will have.
- pseudoheader
-
The PseudoHeader to use.
- bytearray
-
The data to be saved
11.1.1.5. dumper:new_for_current([filetype])
Creates a capture file using the same encapsulation as the one of the current packet.
Arguments
- filetype (optional)
-
The file type. Defaults to pcap.
Returns
The newly created Dumper Object
Errors
- Cannot be used outside a tap or a dissector
11.1.1.6. dumper:dump_current()
Dumps the current packet as it is.
Errors
- Cannot be used outside a tap or a dissector
A pseudoheader to be used to save captured frames.
11.1.2.1. PseudoHeader.none()
Creates a "no" pseudoheader.
Returns
A null pseudoheader
11.1.2.2. PseudoHeader.eth([fcslen])
Creates an ethernet pseudoheader.
Arguments
- fcslen (optional)
-
The fcs length
Returns
The ethernet pseudoheader
11.1.2.3. PseudoHeader.atm([aal], [vpi], [vci], [channel], [cells], [aal5u2u], [aal5len])
Creates an ATM pseudoheader.
Arguments
- aal (optional)
-
AAL number
- vpi (optional)
-
VPI
- vci (optional)
-
VCI
- channel (optional)
-
Channel
- cells (optional)
-
Number of cells in the PDU
- aal5u2u (optional)
-
AAL5 User to User indicator
- aal5len (optional)
-
AAL5 Len
Returns
The ATM pseudoheader
11.1.2.4. PseudoHeader.mtp2([sent], [annexa], [linknum])
Creates an MTP2 PseudoHeader.
Arguments
- sent (optional)
-
True if the packet is sent, False if received.
- annexa (optional)
-
True if annex A is used.
- linknum (optional)
-
Link Number.
Returns
The MTP2 pseudoheader
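The Dumper and PseudoHeader calls documented in this section, combined into a tap script that carves the frames matching a display filter out of a larger capture into a separate file for triage or evidence handling. This is an added example, not code from the Wireshark project; the output path, the filter and the script name are hypothetical, and it assumes an Ethernet capture and that `wtap_filetypes.PCAP` and `wtap_encaps.ETHERNET` are defined in init.lua.

```lua
-- Added example (not part of the Wireshark documentation).
-- Run against a saved capture, e.g.:
--   tshark -r input.pcap -q -X lua_script:carve.lua
-- "carve.lua", OUT_PATH and FILTER are hypothetical names chosen for illustration.

local OUT_PATH = "carved_dns.pcap"  -- where matching frames are written
local FILTER   = "dns"              -- display filter selecting frames to keep

local dumper        -- created lazily, so no empty file appears when nothing matches
local written = 0   -- number of frames saved so far

-- A "frame" tap with a filter calls tap.packet once per matching frame.
local tap = Listener.new("frame", FILTER)

function tap.packet(pinfo, tvb)
    if not dumper then
        -- Assumption: the input is an Ethernet capture. A different link type
        -- needs the matching wtap_encaps entry and PseudoHeader constructor.
        dumper = Dumper.new(OUT_PATH, wtap_filetypes.PCAP, wtap_encaps.ETHERNET)
    end
    -- Keep the original capture timestamp so the carved file lines up with
    -- the source capture and with other logs during analysis.
    dumper:dump(pinfo.abs_ts, PseudoHeader.eth(), tvb:range():bytes())
    written = written + 1
end

-- Called when results are to be presented (end of file in tshark):
-- push any buffered packets to disk.
function tap.draw()
    if dumper then
        dumper:flush()
        print(string.format("%d frame(s) matching '%s' saved to %s",
                            written, FILTER, OUT_PATH))
    end
end

-- Called when the capture is reloaded or re-filtered: close the file so the
-- next pass starts a fresh one instead of writing to a closed dumper.
function tap.reset()
    if dumper then
        dumper:close()
        dumper = nil
    end
    written = 0
end
```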