Wireshark · Wireshark-users: [Wireshark-users] wireshark, tap, and tcp re-assembly

Wireshark-users: [Wireshark-users] wireshark, tap, and tcp re-assembly

From: "bergenpeak@xxxxxxxxxxx" <bergenpeak@xxxxxxxxxxx>

Date: Mon, 04 May 2009 13:58:57 -0600

Doing some googling and found a mail thread where someone was looking tohave wireshark perform tcp re-assembly directly so that they could thenwrite a script to process the assembled code.


I'm looking for something like this as well.

In the thread, there was mention of constructing a "tap" to do this. Itlooks like this might use something called "lua". There are someexamples in the docs, but there's not enough explanation for me to makesense of it or how to use it.

Anyone familiar with how to do this?

I'm really looking to parse the packets via net:pcap; i'm not sure iflua would change the pcap content that I would then access via net:pcapor if there's a way in net:pcap to do what i want. I'm trying to avoidwriting the code to perform tcp re-assembly on captured files.


Thanks

Prev by Date: [Wireshark-users] Packets arrive to wireshark but they don’t arrive to my application.
Next by Date: [Wireshark-users] compile wireshark problem
Previous by thread: [Wireshark-users] Packets arrive to wireshark but they don’t arrive to my application.
Next by thread: [Wireshark-users] compile wireshark problem
Index(es):
- Date
- Thread