Chapter 11. Wireshark’s Lua API Reference Manual

Class.function() represents a class method (named function) on class Class, taking no arguments.
Class.function(a) represents a class method taking one argument.
Class.function(…) represents a class method taking a variable number of arguments.
class:method() represents an instance method (named method) on an instance of class Class, taking no arguments. Note the lowercase notation in the documentation to clarify an instance.
class.prop represents a property prop on the instance of class Class.

Trying to access a non-existing property, function or method currently gives an error, but do not rely on it as the behavior may change in the future.

11.1. Saving Capture Files

The classes/functions defined in this module are for using a Dumper object to make Wireshark save a capture file to disk. Dumper represents Wireshark’s built-in file format writers (see the wtap_name_to_file_type_subtype function).

(The wtap_filetypes table in init.lua is deprecated, and should only be used in code that must run on Wireshark 3.4.3 and earlier 3.4 releases or in Wireshark 3.2.11 and earlier 3.2.x releases.)

To have a Lua script create its own file format writer, see the chapter titled "Custom file format reading/writing".

11.1.1. Dumper

11.1.1.1. Dumper.new(filename, [filetype], [encap])

Creates a file to write packets. Dumper:new_for_current() will probably be a better choice.

Arguments

filename: The name of the capture file to be created.

filetype (optional): The type of the file to be created - a number returned by wtap_name_to_file_type_subtype(). (The wtap_filetypes table in init.lua is deprecated, and should only be used in code that must run on Wireshark 3.4.3 and earlier 3.4 releases or in Wireshark 3.2.11 and earlier 3.2.x releases.)

encap (optional): The encapsulation to be used in the file to be created - a number entry from the wtap_encaps table in init.lua.

Returns

The newly created Dumper object

11.1.1.2. dumper:close()

Closes a dumper.

Errors

Cannot operate on a closed dumper

11.1.1.3. dumper:flush()

Writes all unsaved data of a dumper to the disk.

11.1.1.4. dumper:dump(timestamp, pseudoheader, bytearray)

Dumps an arbitrary packet. Note: Dumper:dump_current() will fit best in most cases.

Arguments

timestamp: The absolute timestamp the packet will have.

pseudoheader: The PseudoHeader to use.

bytearray: The data to be saved

11.1.1.5. dumper:new_for_current([filetype])

Creates a capture file using the same encapsulation as the one of the current packet.

Arguments

filetype (optional): The file type. Defaults to pcap.

Returns

The newly created Dumper Object

Errors

Cannot be used outside a tap or a dissector

11.1.1.6. dumper:dump_current()

Dumps the current packet as it is.

Errors

Cannot be used outside a tap or a dissector

11.1.2. PseudoHeader

A pseudoheader to be used to save captured frames.

11.1.2.1. PseudoHeader.none()

Creates a "no" pseudoheader.

Returns

A null pseudoheader

11.1.2.2. PseudoHeader.eth([fcslen])

Creates an ethernet pseudoheader.

Arguments

fcslen (optional): The fcs length

Returns

The ethernet pseudoheader

11.1.2.3. PseudoHeader.atm([aal], [vpi], [vci], [channel], [cells], [aal5u2u], [aal5len])

Creates an ATM pseudoheader.

Arguments

aal (optional): AAL number

vpi (optional): VPI

vci (optional): VCI

channel (optional): Channel

cells (optional): Number of cells in the PDU

aal5u2u (optional): AAL5 User to User indicator

aal5len (optional): AAL5 Len

Returns

The ATM pseudoheader

11.1.2.4. PseudoHeader.mtp2([sent], [annexa], [linknum])

Creates an MTP2 PseudoHeader.

Arguments

sent (optional): True if the packet is sent, False if received.

annexa (optional): True if annex A is used.

linknum (optional): Link Number.

Returns

The MTP2 pseudoheader

Prev	Up	Next
10.4. Example: Listener written in Lua	Home	11.2. Obtaining Dissection Data