Chapter 10. Lua Support in Wireshark

Table of Contents

10.1. Introduction
10.2. Example of Dissector written in Lua
10.3. Example of Listener written in Lua
10.4. Wireshark's Lua API Reference Manual
10.4.1. Saving capture files
10.4.2. Obtaining dissection data
10.4.3. GUI support
10.4.4. Post-dissection packet analysis
10.4.5. Obtaining packet information
10.4.6. Functions for writing dissectors
10.4.7. Adding information to the dissection tree
10.4.8. Functions for handling packet data
10.4.9. Utility Functions

10.1. Introduction

Wireshark has an embedded Lua interpreter. Lua is a powerful light-weight programming language designed for extending applications. Lua is designed and implemented by a team at PUC-Rio, the Pontifical Catholic University of Rio de Janeiro in Brazil. Lua was born and raised at Tecgraf, the Computer Graphics Technology Group of PUC-Rio, and is now housed at Lua.org. Both Tecgraf and Lua.org are laboratories of the Department of Computer Science.

In Wireshark, Lua can be used to write dissectors and taps.

Wireshark's Lua interpreter starts by loading init.lua, which is located in Wireshark's global configuration directory. Lua is disabled by default: init.lua sets the variable disable_lua to true. To enable Lua, the line that sets that variable must be removed or commented out.

After loading init.lua from the data directory, if Lua is enabled, Wireshark will try to load a file named init.lua in the user's directory.

The command line option -X lua_script:<file.lua> can be used to load Lua scripts as well.

The Lua code will be executed once, after all the protocols have been initialized and before reading any file.
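Because scripts loaded this way run at startup, it is useful to be able to check a host's configuration against the loading rules above. The following Python sketch is an added example, not part of the Wireshark documentation or code base: it reports whether the text of an init.lua leaves Lua enabled and lists the files named by -X lua_script options in a command line. The function names and sample file contents are constructed for illustration, and it assumes disable_lua is assigned at top level with the last assignment winning.

```python
import re

# Lua comments: the block form --[[ ... ]] (optionally --[==[ ... ]==]) must be
# removed before the line form --, otherwise "--[[" is eaten as a line comment.
_BLOCK = re.compile(r"--\[(=*)\[.*?\]\1\]", re.DOTALL)
_LINE = re.compile(r"--.*")
_ASSIGN = re.compile(r"\bdisable_lua\s*=\s*(true|false)\b")


def strip_lua_comments(text):
    """Remove Lua block and line comments (string literals are not parsed)."""
    return _LINE.sub("", _BLOCK.sub("", text))


def lua_enabled(init_text):
    """True when no uncommented 'disable_lua = true' is in effect.

    Assumption: assignments are top-level and the last one wins.
    """
    values = _ASSIGN.findall(strip_lua_comments(init_text))
    return not values or values[-1] == "false"


def requested_scripts(argv):
    """Files named by '-X lua_script:<file.lua>' pairs in a command line."""
    prefix = "lua_script:"
    return [b[len(prefix):] for a, b in zip(argv, argv[1:])
            if a == "-X" and b.startswith(prefix)]


# Constructed sample init.lua contents, not copied from a Wireshark install.
SHIPPED = "-- Lua is disabled by default\ndisable_lua = true\n"
LINE_COMMENTED = "-- disable_lua = true\n"
BLOCK_COMMENTED = "--[[\ndisable_lua = true\n]]\nprint('loaded')\n"

if __name__ == "__main__":
    samples = [("shipped", SHIPPED), ("line", LINE_COMMENTED),
               ("block", BLOCK_COMMENTED)]
    for name, text in samples:
        if lua_enabled(text):
            state = "enabled: the user's init.lua will be tried"
        else:
            state = "disabled"
        print(f"{name:8} Lua {state}")
    print(requested_scripts(["wireshark", "-X", "lua_script:tap.lua",
                             "-r", "a.pcap"]))
```

Run it against the contents of the global init.lua on a host; a result of "enabled" means the init.lua in the user's directory is also in the startup path and is worth reviewing.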