11.8. Post-Dissection Packet Analysis

11.8.1. Listener

A Listener is called once for every packet that matches a certain filter or has a certain tap. It can read the tree, the packet’s Tvb buffer as well as the tapped data, but it cannot add elements to the tree.

11.8.1.1. Listener.new([tap], [filter], [allfields])

Creates a new Listener tap object.

Arguments
tap (optional)
The name of this tap. See Listener.list() for a way to print valid listener names.
filter (optional)
A display filter to apply to the tap. The tap.packet function will be called for each matching packet. The default is nil, which matches every packet. Example: "m2tp".
allfields (optional)
Whether to generate all fields. The default is false. Note: This impacts performance.

Returns

The newly created Listener object

Errors
  • tap registration error

11.8.1.2. Listener.list()

Gets a Lua array table of all registered Listener tap names.

Note: This is an expensive operation, and should only be used for troubleshooting.

Example

    -- Print a list of tap listeners to stdout.
    for _,tap_name in pairs(Listener.list()) do
            print(tap_name)
    end

Returns

The array table of registered tap names

11.8.1.3. listener:remove()

Removes a tap Listener.

11.8.1.4. listener:__tostring()

Generates a string of debug info for the tap Listener.

11.8.1.5. listener.packet

Mode: Assign only.

A function that will be called once for every packet that matches the Listener's filter.

When later called by Wireshark, the packet function will be given:

  1. A Pinfo object
  2. A Tvb object
  3. A tapinfo table

    function tap.packet(pinfo,tvb,tapinfo) ... end

Note: tapinfo is a table of info based on the Listener type, or nil.

See epan/wslua/taps for tapinfo structure definitions.

11.8.1.6. listener.draw

Mode: Assign only.

A function that will be called once every few seconds to redraw the GUI objects; in TShark this function is called only at the very end of the capture file.

When later called by Wireshark, the draw function will not be given any arguments.

    function tap.draw() ... end

11.8.1.7. listener.reset

Mode: Assign only.

A function that will be called at the end of the capture run.

When later called by Wireshark, the reset function will not be given any arguments.

    function tap.reset() ... end
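
The following is an added example, not code from the Wireshark documentation: a Listener that uses the filter argument together with the packet, draw and reset callbacks described above to count TCP connection attempts (SYN without ACK) per source address. The filter string, the threshold, the variable names and the file names in the comment are assumptions chosen for illustration.

```lua
-- Added example: per-source count of bare TCP SYNs using a Listener.
-- Typical use from TShark (placeholder file names):
--   tshark -q -r capture.pcap -X lua_script:syn_count.lua

-- Display filter passed to Listener.new(); only matching packets reach tap.packet.
local SYN_FILTER = "tcp.flags.syn == 1 && tcp.flags.ack == 0"
-- Constructed threshold: sources below it are left out of the report.
local REPORT_THRESHOLD = 20

-- A nil tap name selects the default tap; allfields is left at its default
-- (false) because generating all fields impacts performance.
local tap = Listener.new(nil, SYN_FILTER)

-- source address (string) -> number of matching packets seen so far
local syn_count = {}

-- Called once for every packet that matches SYN_FILTER.
-- The Listener only reads here; it cannot add elements to the tree.
function tap.packet(pinfo, tvb, tapinfo)
    local src = tostring(pinfo.src)
    syn_count[src] = (syn_count[src] or 0) + 1
end

-- Called periodically in the GUI, and only at the very end of the
-- capture file in TShark. Prints sources at or above the threshold.
function tap.draw()
    local rows = {}
    for src, n in pairs(syn_count) do
        if n >= REPORT_THRESHOLD then
            rows[#rows + 1] = { src = src, n = n }
        end
    end
    -- Highest count first so the noisiest sources lead the report.
    table.sort(rows, function(a, b) return a.n > b.n end)
    print(string.format("sources with >= %d SYN packets: %d",
                        REPORT_THRESHOLD, #rows))
    for _, row in ipairs(rows) do
        print(string.format("%-40s %d", row.src, row.n))
    end
end

-- Clear the accumulated state so counts from one run do not carry over.
function tap.reset()
    syn_count = {}
end
```

Because counting happens in tap.packet and reporting in tap.draw, the same script works unchanged in Wireshark and TShark; only the timing of the report differs.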