Revision history  [back]

I want to print some needed logs through lua, the code is as follows.

The result obtained when tshark executes is correct.

When I open redis.pcap with wireshark I get a result that is repeated many times.

I would like to understand the reason for this difference and how should I modify my code for wireshark to work correctly

thank you very much

windows tshark : tshark -X lua_Script:hello.lu -r redis.pcap

lu.log：

2 0.000299000
3 0.000019000
5 0.000442000

wireshark lu.log：

2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000

hello.lua:hello.lu:

 T_gre_proto = Proto("test_pro","Test ")    
      tcp_ack = Field.new("tcp.analysis.ack_rtt")
      frame_num = Field.new("frame.number")
      file = io.open("C:\\Program Files\\Wireshark\\lu.log", 'w')

 function T_gre_proto.dissector(buffer,pinfo,tree)
     if tcp_ack() then
      frame_v = frame_num().value
      ttcp_v = tcp_ack().value

       file:write(string.format("%s %s\n",frame_v,ttcp_v) )

       file:flush()  

      end

  end

  register_postdissector(T_gre_proto)

I want to print some needed logs through lua, the code is as follows.

The result obtained when tshark executes is correct.

When I open redis.pcap with wireshark I get a result that is repeated many times.

I would like to understand the reason for this difference and how should I modify my code for wireshark to work correctly

thank you very much

windows ~~~~~~ windows tshark : tshark -X lua_Script:hello.lu -r redis.pcap

lu.log：

2 0.000299000
3 0.000019000
5 0.000442000

wireshark lu.log：

2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000
2 0.000299000
3 0.000019000
5 0.000442000

 T_gre_proto = Proto("test_pro","Test ")    
      tcp_ack = Field.new("tcp.analysis.ack_rtt")
      frame_num = Field.new("frame.number")
      file = io.open("C:\\Program Files\\Wireshark\\lu.log", 'w')

 function T_gre_proto.dissector(buffer,pinfo,tree)
     if tcp_ack() then
      frame_v = frame_num().value
      ttcp_v = tcp_ack().value

       file:write(string.format("%s %s\n",frame_v,ttcp_v) )

       file:flush()  

      end

  end

  register_postdissector(T_gre_proto)

I want to print some needed logs through lua, the code is as follows.

The result obtained results I get when I allow it with tshark executes is are correct.

When I open redis.pcap with wireshark I get a result that is repeated many times.

I would like to understand the reason for this difference and how should I modify my code for wireshark to work correctly

thank you very much

~~~~~~ windows tshark : tshark -X lua_Script:hello.lu -r redis.pcap

lu.log：

2 0.000299000

3 0.000019000

5 0.000442000

~~~~~~~~~

wireshark lu.log：

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

2 0.000299000

3 0.000019000

5 0.000442000

~~~~~~

 T_gre_proto = Proto("test_pro","Test ")    
      tcp_ack = Field.new("tcp.analysis.ack_rtt")
      frame_num = Field.new("frame.number")
      file = io.open("C:\\Program Files\\Wireshark\\lu.log", 'w')

 function T_gre_proto.dissector(buffer,pinfo,tree)
     if tcp_ack() then
      frame_v = frame_num().value
      ttcp_v = tcp_ack().value

       file:write(string.format("%s %s\n",frame_v,ttcp_v) )

       file:flush()  

      end

  end

  register_postdissector(T_gre_proto)