Chapter 10. Lua Support in Wireshark

Table of Contents

10.1. Introduction
10.2. Example: Creating a Menu with Lua
10.3. Example: Dissector written in Lua
10.4. Example: Listener written in Lua

10.1. Introduction

Lua is a powerful light-weight programming language designed for extending applications. Wireshark contains an embedded Lua 5.2 interpreter which can be used to write dissectors, taps, and capture file readers and writers.

Wireshark’s Lua interpreter starts by loading a file named init.lua from Wireshark’s global configuration directory. The global configuration directory's init.lua controls whether or not Lua scripts are enabled via the enable_lua variable. Lua scripts are enabled by default. To disable Lua scripts, set the enable_lua variable to false. Wireshark 2.6 and earlier enabled or disabled Lua scripts using the variable disable_lua (deprecated). If both enable_lua and disable_lua are present, disable_lua is ignored.

If Lua is enabled, Wireshark will try to load a file named init.lua from the user’s personal configuration directory and all files ending with .lua in the global and the personal plugins directory.

The command line option -X lua_script:file.lua can also be used to load specific Lua scripts.

The Lua code is executed after all protocol dissectors are initialized and before reading any file.

Wireshark for Windows uses a modified Lua runtime (lua-unicode) to support Unicode (UTF-8) filesystem paths. This brings consistency with other platforms (for example, Linux and macOS).