Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Question regarding using Taps in Lua

From: Holger Freyther <holger+ws@xxxxxxxxxxx>
Date: Thu, 21 Oct 2010 09:39:27 +0200
Hi all,

I wrote a simple lua script[1] with the intention to split a trace based on
SCCP connections and then only keep the connections that have shown kind of a
problem. In general it is working fine but I have one problem. I am missing
SCCP packets in my trace. I wonder if the following might be an explanation.
What happens if there are multiple IP packets in one Ethernet frame? Will
tap:packet be called for each IP packet inside the frame or will I need to
iterate over the packets from within the tap:packet() call?

Can there be any explanation besides my code being wrong?

h.






[1]
http://openbsc.osmocom.org/trac/browser/openbsc/contrib/a-link/sccp-split-by-con.lua