Using Lua in Wireshark

Posted 2009-03-15 19:54
A note for the record: first, you need a build of Wireshark that supports Lua (supported by default from 0.9.9.4 on; a build-time option controls whether Lua support is compiled in).
For tshark, run tshark -v and check whether the output contains "with Lua". If it does, Lua is supported.
For wireshark, open About Wireshark from the Help menu. If it contains "with Lua", Lua is supported.
Then go to the wireshark installation directory, open init.lua, find the line containing disable_lua and comment it out with --. Wireshark will then support Lua. In addition, if you add dofile("test.lua") to init.lua, wireshark or tshark will automatically load and execute test.lua every time it starts.
Hmm, Wireshark now has a very powerful tool......
Appendix:
Wireshark's Lua documentation
Lua


    Lua is a powerful light-weight programming language designed for extending applications. Lua is designed and implemented by a team at PUC-Rio, the Pontifical Catholic University of Rio de Janeiro in Brazil. Lua was born and raised at Tecgraf, the Computer Graphics Technology Group of PUC-Rio, and is now housed at Lua.org. Both Tecgraf and Lua.org are laboratories of the Department of Computer Science.
    Lua's been added to Wireshark as a language for prototyping and scripting.
    For more information about Lua refer to Lua's main site; there you can find its Reference Manual and a book that describes the language. There is also the lua-users wiki.

    Beware the GPL
    Wireshark is released under the GPL, so every derivative work based on Wireshark must be released under the terms of the GPL.
    Even if the code you write in Lua does not need to be GPL'ed, code written in Lua that uses bindings to Wireshark must be distributed under the GPL terms. See the GPL FAQ for more info.
    There is at least one Wireshark author who will not allow distribution of derivative work under different terms. To distribute Lua code that uses Wireshark's bindings under different terms would be a clear violation of the GPL.
    If it isn't clear to you what the GPL is and how it works, please consult your lawyer.
    Lua in Wireshark
    Lua can be used to write dissectors, post-dissectors and taps.
    Although it's possible to write dissectors in Lua, Wireshark dissectors are written in C, as C is several times faster than Lua. Lua is fine for prototyping dissectors: during reverse engineering you can spend your time finding out how things work instead of compiling and debugging your C dissector.
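A prototype dissector of the kind described above, as an added example (it is neither from the Wireshark wiki nor from this post). The "DEMO" protocol, its 4-byte header layout and UDP port 9999 are invented for the example. The point a protocol analyst needs most when prototyping against unknown traffic is shown explicitly: the length field is never trusted, it is clamped to the bytes actually present, and a frame whose declared length exceeds the frame is flagged with a generated field so it can be found with the display filter demo.truncated == 1.

```lua
-- demo_dissector.lua  (added example; "DEMO" is a hypothetical protocol)
-- Load with:  tshark -X lua_script:demo_dissector.lua -r capture.pcap
-- or add      dofile("demo_dissector.lua")   to init.lua.

-- Assumed wire format (assumption for this example), header then payload:
--   version(1) | msgtype(1) | length(2, big-endian, covers header + payload)
local DEMO_PORT = 9999                 -- assumption: UDP port used by the protocol

local demo = Proto("demo", "DEMO hypothetical protocol")

local f_version = ProtoField.uint8("demo.version", "Version", base.DEC)
local f_type    = ProtoField.uint8("demo.type", "Message type", base.HEX,
                    { [0x01] = "HELLO", [0x02] = "DATA", [0x03] = "BYE" })
local f_length  = ProtoField.uint16("demo.length", "Declared length", base.DEC)
local f_payload = ProtoField.bytes("demo.payload", "Payload")
-- 1 when the declared length is larger than the captured frame, else 0.
local f_trunc   = ProtoField.uint8("demo.truncated", "Declared length exceeds frame", base.DEC)

demo.fields = { f_version, f_type, f_length, f_payload, f_trunc }

function demo.dissector(buffer, pinfo, tree)
    local len = buffer:len()
    if len < 4 then
        -- Not even a full header: claim nothing, leave the frame to other dissectors.
        return 0
    end

    pinfo.cols.protocol = "DEMO"
    local subtree = tree:add(demo, buffer(0, len), "DEMO protocol")

    subtree:add(f_version, buffer(0, 1))
    subtree:add(f_type,    buffer(1, 1))
    local declared = buffer(2, 2):uint()
    subtree:add(f_length,  buffer(2, 2))

    -- Never trust the length field: clamp it to what is actually in the frame.
    -- A declared length beyond the frame means truncation or a malformed packet;
    -- exposing that as a filterable, generated field lets an analyst find such
    -- frames quickly (demo.truncated == 1) instead of crashing on a bad offset.
    local truncated = declared > len
    subtree:add(f_trunc, truncated and 1 or 0):set_generated()
    local payload_len = math.min(declared, len) - 4
    if payload_len > 0 then
        subtree:add(f_payload, buffer(4, payload_len))
    end

    pinfo.cols.info = string.format("DEMO type=0x%02x declared=%d%s",
        buffer(1, 1):uint(), declared, truncated and " [truncated]" or "")
    return len
end

-- Register on the UDP port so Wireshark hands matching frames to this dissector.
DissectorTable.get("udp.port"):add(DEMO_PORT, demo)
```

Because the script only registers the protocol and its fields at load time, it can be started with -X lua_script: exactly like hello.lua in the Getting Started section; the dissector function itself is called later, once per frame that arrives on the registered port.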
    Post-dissectors are dissectors meant to run after every other dissector has run. They can add items to the dissection tree, so they can be used to create your own extensions to the filtering mechanism.
    Taps are used to collect information after the packet has been dissected.
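An added example (not from the Wireshark wiki or this post) that puts a post-dissector and a tap side by side, since the difference between the two is what the discussion at the end of the page is about. The post-dissector adds a generated string field, pd.flow, built from the already dissected IP and UDP fields, so that a display filter such as pd.flow contains "10.0.0.5:53" works; the tap cannot add anything to the tree and instead counts UDP packets per source address and prints the result when draw() is called. The protocol name "pd", the field name pd.flow and the use of a UDP filter are choices made for this example.

```lua
-- demo_post_and_tap.lua  (added example; not part of Wireshark or the original post)
-- Run with:  tshark -X lua_script:demo_post_and_tap.lua -r capture.pcap -T fields -e pd.flow

-- Field extractors must be created at load time, before any packet is dissected.
local f_ip_src = Field.new("ip.src")
local f_ip_dst = Field.new("ip.dst")
local f_sport  = Field.new("udp.srcport")
local f_dport  = Field.new("udp.dstport")

---------------------------------------------------------------------------
-- 1. Post-dissector: runs after every other dissector, every time the tree
--    for a frame is generated, and MAY add items. It adds a generated flow
--    string so the filter engine can use it, e.g.  pd.flow contains ":53"
---------------------------------------------------------------------------
local pd = Proto("pd", "Post-dissector demo")       -- name chosen for the example
local f_flow = ProtoField.string("pd.flow", "UDP flow (src:port -> dst:port)")
pd.fields = { f_flow }

function pd.dissector(buffer, pinfo, tree)
    local src, dst, sport, dport = f_ip_src(), f_ip_dst(), f_sport(), f_dport()
    if not (src and dst and sport and dport) then
        return      -- not an IPv4/UDP frame: add nothing to the tree
    end
    local flow = string.format("%s:%s -> %s:%s",
        tostring(src), tostring(sport), tostring(dst), tostring(dport))
    local subtree = tree:add(pd, "Post-dissector demo")
    subtree:add(f_flow, flow):set_generated()
end
register_postdissector(pd)

---------------------------------------------------------------------------
-- 2. Tap: runs once per packet after the first dissection, has no tree and
--    cannot add fields, but is the right place to accumulate statistics.
--    Here: UDP packets per source address, a quick "top talkers" list.
---------------------------------------------------------------------------
local per_src = {}
local tap = Listener.new("frame", "udp")     -- tap name, display filter

function tap.packet(pinfo, tvb, tapinfo)
    local src = f_ip_src()
    if not src then return end
    local key = tostring(src)
    per_src[key] = (per_src[key] or 0) + 1
end

function tap.draw()
    -- tshark calls draw() at the end of the run; Wireshark on refresh.
    local rows = {}
    for addr, n in pairs(per_src) do rows[#rows + 1] = { addr = addr, n = n } end
    table.sort(rows, function(a, b) return a.n > b.n end)
    print("UDP packets per source address:")
    for _, r in ipairs(rows) do print(string.format("%8d  %s", r.n, r.addr)) end
end

function tap.reset()
    per_src = {}
end
```

Note the asymmetry this makes visible: pd.dissector is re-run whenever a tree is rebuilt (for example when a packet is selected in the GUI), so it must stay cheap and side-effect free, whereas the tap sees each packet once and is where counters belong.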
    Getting Started
    Lua has shipped with the Windows version of Wireshark since 0.99.4. Availability on other platforms varies. To see if your version of Wireshark supports Lua, go to Help→About Wireshark and look for Lua in the "Compiled with" paragraph.

    In some older versions Lua was available as a plugin.
    To test Lua on your system, do the following:
      • Make sure Lua is enabled in the global configuration as described below in How Lua Fits Into Wireshark.
      • Create a simple Lua script such as:

            -- hello.lua
            -- Lua's implementation of D. Ritchie's hello world program.
            print("hello world!")

        Name this script hello.lua and place it in the current directory.
      • Run tshark -X lua_script:hello.lua from the command prompt. You should see something like:

            $ tshark -X lua_script:hello.lua
            hello world!
            Capturing on en0
            1   0.000000 111.123.234.55 -> 111.123.234.255 NBNS Name query NB XXX.COM

        If you can read "hello world!" in the first line after you run tshark, Lua is ready to go!

     Please note: On Windows, you may not see any output when running Lua scripts in Wireshark. If the console window is enabled it will be opened after the lua engine is loaded. This does not affect TShark, since it is a console program.
    How Lua fits into Wireshark
    Every time Wireshark starts it will search for a script called init.lua located in the global configuration directory of Wireshark. If Wireshark finds this file it will run the script.
    Once init.lua has run, there are two variables that tell Wireshark whether to continue looking for scripts.
    If the first init script sets the variable disable_lua to true, Wireshark will stop reading scripts and shut down the Lua engine right after the script was run.
    If Wireshark is running suexec (i.e. as root but launched by another user) it will check whether the variable run_user_scripts_when_superuser is set to true before loading any further scripts.
    Once this first script has run, Wireshark will continue running the init.lua in the personal configuration directory and then all scripts passed with the -X lua_script:xxx.lua command line option, in the given order.
    All these scripts will be run before packets are read, at the end of the dissector registration process. So, what you have to do is register a series of functions that will be called while processing packets.
    Wireshark's Lua API
    The automatically generated documentation of the API is linked from this page.
    Examples
    Examples of generic Lua code can be found on the Sample Code page of the lua-users wiki.
    Examples of Wireshark-specific scripts are linked from this page.
    Discussion
    This page is a good start. However, some things remain unclear:
    • How to install/use Lua?
    • What's the difference between a post-dissector and a tap?
    That's what it is, a start... I think it's soon to complete as things are changing as I go ahead.
    • I do not yet have a clear idea on how Lua will be invoked from Wireshark.
      • So far as a temporary solution:
        • it either looks for ~/.wireshark/init.lua and loads that script
        • or looks for a file pointed to by the environment variable WIRESHARK_LUA_INIT.
      • It will change as soon as I (or someone else, proposals are welcome) come out with a good way to do it.
    • Tap vs. Postdissector
      • a post-dissector is like a normal dissector called every time a tree needs to be generated for a frame; it just gets called last.
      • a tap is run once after the first dissection of a packet and it has no access to the tree, so it cannot add fields (a post-dissector can, but it will be called every time a tree needs to be generated).
          -- Luis E. G. O.
    This article comes from the ChinaUnix blog; for the original see: http://blog.chinaunix.net/u2/79955/showart_1864043.html