Hi, Okay, I've tried creating a Wireshark Lua plugin however I'm unable to keep a thread open in the background to change the GUI-filter without blocking the Wireshark main thread. I've even tried creating a separate Lua thread which doesn't work either. The other option that I have investigated was: to register the server accept() call into an API call similar to "register_postdissector" (which is "called for every frame after dissection") however there are no such suitable API calls (and to be honest it would be a terrible hack!).
So I guess that leaves me with a two questions: > Is there a better way of using Lua such that I can have a socket open in the background? > If not: is there a procedure for getting my (small) C++ change reviewed and getting it built into Wireshark? Any help you can offer would be appreciated. Thanks, Lee On 12 February 2013 16:26, Lee Brooks <lee.brooks.in...@gmail.com> wrote: > Hi, > > The tool wasn't written inside Wireshark because it started off as > a dissertation project where the GNU General Public License was problematic > for the sponsoring party. Since then the third party have agreed to release > the IP to the authors, allowing it to be released Open Source. > > The application is used for analysing large amounts of data (>500Mb) so > re-starting Wireshark (although not impossible) would take too long each > time the user wants to update the filter. > > Thank you for your advice, I will look into the Wireshark Lua plugin. > > Thanks, > > Lee > > > On 11 February 2013 17:53, Hadriel Kaplan <hkap...@acmepacket.com> wrote: > >> >> Not critiquing your approach, but if you've got a tool that analyzes >> pcap data for TCP/IP connections/stats, and also uses Wireshark, why not >> just write the tool *inside* Wireshark? (e.g., as a tap) >> Alternatively, if your tool is stand-alone and uses Wireshark only for >> detailed drill-down on-demand, why not start Wireshark with the command >> line and use the "-R" command-line option to set the display filter? >> >> Otherwise, using sockets/pipes to do it seems reasonable, but you may >> not need to modify Wireshark's C-code to accomplish it - you might be able >> use a Wireshark Lua plugin which uses LuaSocket to communicate to your >> application, and have the Lua plugin call set_filter() and apply_filter() >> to change the display filter. >> >> -hadriel >> >> >> On Feb 11, 2013, at 5:43 AM, Lee Brooks <lee.brooks.in...@gmail.com> >> wrote: >> >> Hi, >> >> Thank you for replying. >> >> Sure, firstly for other bespoke network analysis tools that aim to use >> Wireshark to analyse low level network data (but where the main focus of >> the tool isn't aimed at that level of detail). In comparison to it's >> alternatives Wireshark is feature-rich, very customisable and also stable >> which makes it desirable to hook into from other applications. This type of >> tool ranges from in-house testing tools to other open-source applications. >> >> For my self personally, a colleague and I are hoping to release a >> light-weight open source tool that provides a top-down view on network >> data. It has already been written, tested and used in anger by others at >> the company where we work. It analyses pcap data then provides statistics >> on a list of IP conversations between hosts, allowing you to drill down >> into details about the TCP Connections for each conversation. Then from TCP >> Connections it can drill down into the individual packet data where it >> currently hooks into a prototype-dev version of Wireshark (by changing the >> filters on the GUI). It also provides the ability to script your own data >> classifications to help identify specific network conditions quickly. Our >> aim is to release it to the open source community within the next few >> weeks/months. >> >> In my opinion I would rather connect to a Wireshark remote control API >> than use a bespoke version or re-create the wheel. >> >> I think a "GUI remote control" would only need to support "Change GUI >> Filter" and "Remove GUI Filter" although it has a lot more potential too. I >> have implemented these controls in our prototype-dev version or Wireshark >> and the source code supports it fairly well. >> >> Any help you can offer would be appreciated. >> >> Thanks, >> >> Lee >> >> >> >> >> ___________________________________________________________________________ >> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> >> Archives: http://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev >> mailto:wireshark-dev-requ...@wireshark.org >> ?subject=unsubscribe >> > >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
