Wireshark-users: [Wireshark-users] wireshark, tap, and tcp re-assembly



From: "bergenpeak@xxxxxxxxxxx" <bergenpeak@xxxxxxxxxxx>
Date: Mon, 04 May 2009 13:58:57 -0600

Doing some googling, I found a mail thread where someone was looking to have Wireshark perform TCP re-assembly directly so that they could then write a script to process the assembled code.

I'm looking for something like this as well.

In the thread, there was mention of constructing a "tap" to do this. It looks like this might use something called "Lua". There are some examples in the docs, but there's not enough explanation for me to make sense of it or how to use it.
Anyone familiar with how to do this?

I'm really looking to parse the packets via net:pcap; I'm not sure if Lua would change the pcap content that I would then access via net:pcap or if there's a way in net:pcap to do what I want. I'm trying to avoid writing the code to perform TCP re-assembly on captured files.

Thanks

