Wireshark · Wireshark-users: Re: [Wireshark-users] Lua: detect capture filename and end of captur

[Tony Trinh <tony19@xxxxxxxxx>]

No, neither is possible from Wireshark Lua, but you don't need to know any of that if you're just interested in collecting statistics for a particular capture file.

tshark (with awk) might be the better solution in this case. See the -z parameter in the man-page for tshark: http://www.wireshark.org/docs/man-pages/tshark.html

But if you really want to use Lua, you can run a Lua tap on a capture file (from tshark).

On Thu, Sep 29, 2011 at 3:00 AM, <j.kalsbach@xxxxxxxxxxxxxxxx> wrote:

Hi all,

I have two short questions concerning lua scripting for wireshark:

1) Is it possible to detect the name of the capture file currently read from within lua?
2) Is it possible to detect the end of the capture from within lua?

The reasoning is quite simple: Want to do some custom statistics for the whole file like "% of DNS requests in capture file" etc.

It's basically about functionality provided by the END block in awk.

Any help is appreciated.

Many thanks in advance,

BR,

Jörg

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
           mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe