Rather start here: http://www.wireshark.org/docs/wsug_html_chunked/wsluarm.html
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lars Ruoff
> Sent: Tuesday 5 February 2008 11:41
> To: 'Community support list for Wireshark'
> Subject: Re: [Wireshark-users] Wireshark scripting?
>
> http://wiki.wireshark.org/Lua
>
> Br,
> Lars
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
> > Sent: Tuesday 5 February 2008 11:20
> > To: wireshark-users@wireshark.org
> > Subject: [Wireshark-users] Wireshark scripting?
> >
> > Has any thought ever been given to giving Wireshark a scripting
> > engine? I'm not fussed what language, Python or similar would be
> > nice. This could make it much easier to do custom things with
> > packets or streams.
> >
> > As I see it, Wireshark currently has some excellent features such as:
> >
> > - fairly reliable stream reassembly
> > - excellent protocol decoding
> > - a command-line equivalent that has all the same features
> > - standard pcap filtering but also display filtering with access to
> >   protocol fields
> >
> > From a scripting engine, the following sorts of things would be
> > useful and allow Wireshark to undertake a whole variety of extra
> > tasks:
> >
> > - per packet or per stream inspection
> > - access to the raw packet data at a certain level (e.g.
> >   Ethernet->IP->TCP->data) to save it/inspect it
> > - access to headers of certain protocols to rewrite them, e.g.
> >   changing MAC addresses or vlan headers
> > - access to the decoded protocol fields, e.g.
> >   TCP->data->http.request.uri
> >
> > Many of the current statistics scripts could be rewritten using it,
> > which might suffer a speed penalty but would allow a lot of
> > customisation.
> >
> > There are plenty of tools to do some of these things but many of
> > them struggle with anything other than pcap (or can only capture
> > from the network), cannot handle frames with extra headers such as
> > vlan, will only process ethernet etc.
> >
> > David
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@wireshark.org
> > http://www.wireshark.org/mailman/listinfo/wireshark-users