Table of Contents
Lua is a powerful light-weight programming language designed for extending applications. Wireshark contains an embedded Lua 5.2 interpreter which can be used to write dissectors, taps, and capture file readers and writers.
Wireshark’s Lua interpreter starts by loading a file named
Wireshark’s global configuration directory.
The global configuration directory's
init.lua controls whether or not Lua
scripts are enabled via the
enable_lua variable. Lua scripts are enabled by
default. To disable Lua scripts, set the enable_lua variable to false.
Wireshark 2.6 and earlier enabled or disabled Lua scripts using
the variable disable_lua (deprecated). If both enable_lua and
disable_lua are present, disable_lua is ignored.
The command line option -X lua_script:file.lua can also be used to load specific Lua scripts.
The Lua code is executed after all protocol dissectors are initialized and before reading any file.
Wireshark for Windows uses a modified Lua runtime (lua-unicode) to support Unicode (UTF-8) filesystem paths. This brings consistency with other platforms (for example, Linux and macOS).