11.4. Post-dissection packet analysis

11.4.1. Listener

A Listener is called once for every packet that matches a certain filter or has a certain tap. It can read the tree, the packet’s Tvb buffer as well as the tapped data, but it cannot add elements to the tree.

11.4.1.1. Listener.new([tap], [filter], [allfields])

Creates a new Listener listener object.

Arguments
tap (optional)
The name of this tap.
filter (optional)
A filter that when matches the tap.packet function gets called (use nil to be called for every packet).
allfields (optional)
Whether to generate all fields. (default=false)
[Note]Note

this impacts performance.

Returns

The newly created Listener listener object

Errors
  • tap registration error

11.4.1.2. Listener.list()

Gets a Lua array table of all registered Listener tap names.

[Note]Note

this is an expensive operation, and should only be used for troubleshooting.

Since: 1.11.3

Returns

The array table of registered tap names

11.4.1.3. listener:remove()

Removes a tap Listener.

11.4.1.4. listener:__tostring()

Generates a string of debug info for the tap Listener.

11.4.1.5. listener.packet

Mode: Assign only.

A function that will be called once every packet matches the Listener listener filter.

When later called by Wireshark, the packet function will be given:

  1. A Pinfo object
  2. A Tvb object
  3. A tapinfo table
 function tap.packet(pinfo,tvb,tapinfo) ... end
[Note]Note

tapinfo is a table of info based on the `Listener’s type, or nil.

11.4.1.6. listener.draw

Mode: Assign only.

A function that will be called once every few seconds to redraw the GUI objects; in Tshark this funtion is called only at the very end of the capture file.

When later called by Wireshark, the draw function will not be given any arguments.

 function tap.draw() ... end

11.4.1.7. listener.reset

Mode: Assign only.

A function that will be called at the end of the capture run.

When later called by Wireshark, the reset function will not be given any arguments.

 function tap.reset() ... end