http://wiki.wireshark.org/Lua
Br,
Lars

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of David
> Sent: Tuesday 5 February 2008 11:20
> To: wireshark-users@wireshark.org
> Subject: [Wireshark-users] Wireshark scripting?
>
> Has any thought ever been given to giving Wireshark a
> scripting engine? I'm not fussed what language, Python or
> similar would be nice. This could make it much easier to do
> custom things with packets or streams.
>
> As I see it, Wireshark currently has some excellent features such as:
>
> - fairly reliable stream reassembly
> - excellent protocol decoding
> - a command-line equivalent that has all the same features
> - standard pcap filtering but also display filtering with
>   access to protocol fields
>
> From a scripting engine, the following sorts of things would
> be useful and allow Wireshark to undertake a whole variety of
> extra tasks:
>
> - per packet or per stream inspection
> - access to the raw packet data at a certain level (e.g.
>   Ethernet->IP->TCP->data) to save it/inspect it
> - access to headers of certain protocols to rewrite them, e.g.
>   changing MAC addresses or vlan headers
> - access to the decoded protocol fields, e.g.
>   TCP->data->http.request.uri
>
> Many of the current statistics scripts could be rewritten
> using it, which might suffer a speed penalty but would allow
> a lot of customisation.
>
> There are plenty of tools to do some of these things but many
> of them struggle with anything other than pcap (or can only
> capture from the network), cannot handle frames with extra
> headers such as vlan, will only process ethernet etc.
>
> David
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-users
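
The per-packet inspection and decoded-field access asked about in the thread (the `http.request.uri` case), written against the Wireshark Lua API that the reply links to. This is an added example, not part of the original messages; the file name `uri_count.lua` and the capture name `capture.pcap` are placeholders.

```lua
-- uri_count.lua (hypothetical file name)
-- Counts HTTP request URIs per source address, a quick triage view of
-- which hosts requested what in a capture.
-- Run offline against a capture file (placeholder name):
--   tshark -q -r capture.pcap -X lua_script:uri_count.lua

-- Field extractors must be created before dissection starts.
local f_uri = Field.new("http.request.uri")

-- Tap every frame that matches the display filter "http.request".
local tap = Listener.new("frame", "http.request")

local counts = {}   -- counts[source address][uri] = number of requests

-- Called once per matching packet, after dissection.
function tap.packet(pinfo, tvb)
    local src = tostring(pinfo.src)
    counts[src] = counts[src] or {}
    -- One frame can carry several pipelined requests, so the extractor
    -- may return more than one value; collect all of them.
    for _, finfo in ipairs({ f_uri() }) do
        local uri = tostring(finfo)
        counts[src][uri] = (counts[src][uri] or 0) + 1
    end
end

-- Called when the capture is reloaded or re-filtered.
function tap.reset()
    counts = {}
end

-- Called at the end of the capture in tshark (periodically in the GUI).
function tap.draw()
    for src, by_uri in pairs(counts) do
        for uri, n in pairs(by_uri) do
            print(string.format("%-15s %5d  %s", src, n, uri))
        end
    end
end
```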