Wireshark is a cross-platform network analyzer that conveniently supports scripting some of its functions in Lua. One of the ZeroBrane Studio users asked if he could use ZBS to debug Wireshark scripts and I thought I would take a look. It turned out it is indeed possible; I'll describe how this can be done on Windows, but you can map these steps to your platform of choice.

Make sure your Wireshark version includes the Lua interpreter and enable processing of Lua scripts. Go to Help | About Wireshark and check if you see "with Lua 5.1" there (or run tshark -v and check its output). Then find a in the wireshark folder and comment out the following line (this is only needed if you are using wireshark earlier than 1.4):

    -- Lua is disabled by default, comment out the following line to enable Lua support.
    disable_lua = true do return end

Setup Wireshark environment for debugging

Create the following batch file in your wireshark folder; adjust the value of ZBS according to the location of ZeroBrane Studio.

This script points to libraries included with ZBS that are required for debugging (luasocket and mobdebug). tshark is the command-line version of wireshark and -X enables various extension options. Note that LUA_CPATH points to libraries for Lua 5.2, as wireshark v1.8 is using Lua 5.2. If you use an older version (which may include Lua 5.1), you need to use set LUA_CPATH=%ZBS%\bin/?.dll;%ZBS%\bin/clibs/?.dll instead.

Create a Lua script ( a) with the following lines:

    _G.debug = require("debug")
    require("mobdebug").start()

The first line is needed because there is a bug in wireshark that causes the default debug table to be overwritten by a logging function with the same name; the first line restores the default value. The second line starts the debugger and connects to the ZeroBrane Studio IDE.

Start debugger server in ZeroBrane Studio

Start ZeroBrane Studio, open a file, and start the debugger server (by going to Project | Start Debugger Server). Now when you run the batch file, you should see a green arrow in ZBS and should be able to step through the script.

The a script is not very useful, but you can do more complex processing by implementing taps and dissectors using Lua scripts. Here is the script that counts the number of http packets.

    _G.debug = require('debug')   -- restore proper 'debug' table
    require("mobdebug").start()   -- start the debugger

    local taphttp = Listener.new(nil, "http")
    local httppackets = 0

    -- called once each time the filter of the tap matches
    function taphttp.packet(pinfo, tvb)
      httppackets = httppackets + 1
    end

    -- called at the end of the capture to print the summary
    function taphttp.draw()
      print("HTTP packets: " .. httppackets)
    end

You can run this script with the same command we put in the run.bat file: tshark -X lua_script:simple_a. If you want to process captures from a file, you can add -r myfile.pcap to the command. If you put a breakpoint on the line httppackets = httppackets + 1, you will see it activated every time a new packet is matched by the filter.
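An added example, not part of the original post: it extends the packet-counting tap described above to a per-host, per-method summary of HTTP requests using field extractors. The ZBS_DEBUG environment variable is a hypothetical name introduced here so that the two debugger lines run only when you want to step through the script in ZeroBrane Studio.

```lua
-- Added example: per-host HTTP request summary tap (not the author's script).
-- Field extractors must be created when the script loads, before packets arrive.
local f_host   = Field.new("http.host")
local f_method = Field.new("http.request.method")

-- Attach the debugger only on request; ZBS_DEBUG is a hypothetical variable name.
if os.getenv("ZBS_DEBUG") then
  _G.debug = require("debug")    -- restore the standard 'debug' table
  require("mobdebug").start()    -- connect to the ZeroBrane Studio debugger server
end

-- Only packets that carry an HTTP request reach this tap.
local taphosts = Listener.new(nil, "http.request")
local requests = {}              -- requests[host][method] = count

-- called once each time the filter of the tap matches
function taphosts.packet(pinfo, tvb)
  local host, method = f_host(), f_method()
  -- A request may lack a Host header (for example HTTP/1.0), so guard against nil.
  local h = host and tostring(host) or "(no Host header)"
  local m = method and tostring(method) or "?"
  requests[h] = requests[h] or {}
  requests[h][m] = (requests[h][m] or 0) + 1
end

-- called when the capture is restarted or reloaded
function taphosts.reset()
  requests = {}
end

-- called at the end of the capture to print the summary
function taphosts.draw()
  local hosts = {}
  for h in pairs(requests) do hosts[#hosts + 1] = h end
  table.sort(hosts)              -- stable, readable output order
  for _, h in ipairs(hosts) do
    for m, n in pairs(requests[h]) do
      print(string.format("%-40s %-8s %d", h, m, n))
    end
  end
end
```

Load it with the same -X lua_script: option, adding -r myfile.pcap to summarize a saved capture; a breakpoint inside taphosts.packet lets you inspect host and method for each matched request.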