Wireshark Developer’s Guide for 2.1
Page Count: 201
- Wireshark Developer’s Guide
- Table of Contents
- Preface
- Part I. Wireshark Build Environment
- Chapter 1. Introduction
- Chapter 2. Quick Setup
- Chapter 3. Work with the Wireshark sources
- 3.1. Introduction
- 3.2. The Wireshark Git repository
- 3.3. Obtain the Wireshark sources
- 3.4. Update the Wireshark sources
- 3.5. Build Wireshark
- 3.6. Run generated Wireshark
- 3.7. Debug your generated Wireshark
- 3.8. Make changes to the Wireshark sources
- 3.9. Contribute your changes
- 3.10. Apply a patch from someone else
- 3.11. Binary packaging
- Chapter 4. Tool Reference
- 4.1. Introduction
- 4.2. Windows PowerShell
- 4.3. Chocolatey
- 4.4. Windows: Cygwin
- 4.5. GNU compiler toolchain (UNIX only)
- 4.6. Microsoft compiler toolchain (Windows native)
- 4.7. bash
- 4.8. Python
- 4.9. Perl
- 4.10. sed
- 4.11. Bison
- 4.12. Flex
- 4.13. Git client
- 4.14. Git Powershell Extensions (optional)
- 4.15. Git GUI client (optional)
- 4.16. patch (optional)
- 4.17. Windows: NSIS (optional)
- 4.18. Windows: PortableApps (optional)
- Chapter 5. Library Reference
- 5.1. Introduction
- 5.2. Binary library formats
- 5.3. Win32: Automated library download
- 5.4. Qt
- 5.5. GTK+ / GLib / GDK / Pango / ATK / GNU gettext / GNU libiconv
- 5.6. SMI (optional)
- 5.7. c-ares (optional)
- 5.8. zlib (optional)
- 5.9. libpcap/WinPcap (optional)
- 5.10. GnuTLS (optional)
- 5.11. Gcrypt (optional)
- 5.12. Kerberos (optional)
- 5.13. LUA (optional)
- 5.14. PortAudio (optional)
- 5.15. GeoIP (optional)
- 5.16. WinSparkle (optional)
- Part II. Wireshark Development
- Chapter 6. How Wireshark Works
- Chapter 7. Introduction
- Chapter 8. Packet capturing
- Chapter 9. Packet dissection
- Chapter 10. Lua Support in Wireshark
- Chapter 11. Wireshark’s Lua API Reference Manual
- 11.1. Saving capture files
- 11.2. Obtaining dissection data
- 11.2.1. Field
- 11.2.2. FieldInfo
- 11.2.2.1. fieldinfo:__len()
- 11.2.2.2. fieldinfo:__unm()
- 11.2.2.3. fieldinfo:__call()
- 11.2.2.4. fieldinfo:__tostring()
- 11.2.2.5. fieldinfo:__eq()
- 11.2.2.6. fieldinfo:__le()
- 11.2.2.7. fieldinfo:__lt()
- 11.2.2.8. fieldinfo.len
- 11.2.2.9. fieldinfo.offset
- 11.2.2.10. fieldinfo.value
- 11.2.2.11. fieldinfo.label
- 11.2.2.12. fieldinfo.display
- 11.2.2.13. fieldinfo.type
- 11.2.2.14. fieldinfo.source
- 11.2.2.15. fieldinfo.range
- 11.2.2.16. fieldinfo.generated
- 11.2.2.17. fieldinfo.hidden
- 11.2.2.18. fieldinfo.is_url
- 11.2.2.19. fieldinfo.little_endian
- 11.2.2.20. fieldinfo.big_endian
- 11.2.2.21. fieldinfo.name
- 11.2.3. Global Functions
- 11.3. GUI support
- 11.3.1. ProgDlg
- 11.3.2. TextWindow
- 11.3.2.1. TextWindow.new([title])
- 11.3.2.2. textwindow:set_atclose(action)
- 11.3.2.3. textwindow:set(text)
- 11.3.2.4. textwindow:append(text)
- 11.3.2.5. textwindow:prepend(text)
- 11.3.2.6. textwindow:clear()
- 11.3.2.7. textwindow:get_text()
- 11.3.2.8. textwindow:close()
- 11.3.2.9. textwindow:set_editable([editable])
- 11.3.2.10. textwindow:add_button(label, function)
- 11.3.3. Global Functions
- 11.3.3.1. gui_enabled()
- 11.3.3.2. register_menu(name, action, [group])
- 11.3.3.3. new_dialog(title, action, …)
- 11.3.3.4. retap_packets()
- 11.3.3.5. copy_to_clipboard(text)
- 11.3.3.6. open_capture_file(filename, filter)
- 11.3.3.7. get_filter()
- 11.3.3.8. set_filter(text)
- 11.3.3.9. set_color_filter_slot(row, text)
- 11.3.3.10. apply_filter()
- 11.3.3.11. reload()
- 11.3.3.12. browser_open_url(url)
- 11.3.3.13. browser_open_data_file(filename)
- 11.4. Post-dissection packet analysis
- 11.5. Obtaining packet information
- 11.5.1. Address
- 11.5.2. Column
- 11.5.3. Columns
- 11.5.4. NSTime
- 11.5.4.1. NSTime.new([seconds], [nseconds])
- 11.5.4.2. nstime:__call([seconds], [nseconds])
- 11.5.4.3. nstime:__tostring()
- 11.5.4.4. nstime:__add()
- 11.5.4.5. nstime:__sub()
- 11.5.4.6. nstime:__unm()
- 11.5.4.7. nstime:__eq()
- 11.5.4.8. nstime:__le()
- 11.5.4.9. nstime:__lt()
- 11.5.4.10. nstime.secs
- 11.5.4.11. nstime.nsecs
- 11.5.5. Pinfo
- 11.5.5.1. pinfo.visited
- 11.5.5.2. pinfo.number
- 11.5.5.3. pinfo.len
- 11.5.5.4. pinfo.caplen
- 11.5.5.5. pinfo.abs_ts
- 11.5.5.6. pinfo.rel_ts
- 11.5.5.7. pinfo.delta_ts
- 11.5.5.8. pinfo.delta_dis_ts
- 11.5.5.9. pinfo.circuit_id
- 11.5.5.10. pinfo.curr_proto
- 11.5.5.11. pinfo.can_desegment
- 11.5.5.12. pinfo.desegment_len
- 11.5.5.13. pinfo.desegment_offset
- 11.5.5.14. pinfo.fragmented
- 11.5.5.15. pinfo.in_error_pkt
- 11.5.5.16. pinfo.match_uint
- 11.5.5.17. pinfo.match_string
- 11.5.5.18. pinfo.port_type
- 11.5.5.19. pinfo.src_port
- 11.5.5.20. pinfo.dst_port
- 11.5.5.21. pinfo.dl_src
- 11.5.5.22. pinfo.dl_dst
- 11.5.5.23. pinfo.net_src
- 11.5.5.24. pinfo.net_dst
- 11.5.5.25. pinfo.src
- 11.5.5.26. pinfo.dst
- 11.5.5.27. pinfo.match
- 11.5.5.28. pinfo.columns
- 11.5.5.29. pinfo.cols
- 11.5.5.30. pinfo.private
- 11.5.5.31. pinfo.hi
- 11.5.5.32. pinfo.lo
- 11.5.5.33. pinfo.conversation
- 11.5.6. PrivateTable
- 11.6. Functions for new protocols and dissectors
- 11.6.1. Dissector
- 11.6.2. DissectorTable
- 11.6.2.1. DissectorTable.new(tablename, [uiname], [type], [base])
- 11.6.2.2. DissectorTable.list()
- 11.6.2.3. DissectorTable.heuristic_list()
- 11.6.2.4. DissectorTable.get(tablename)
- 11.6.2.5. dissectortable:add(pattern, dissector)
- 11.6.2.6. dissectortable:set(pattern, dissector)
- 11.6.2.7. dissectortable:remove(pattern, dissector)
- 11.6.2.8. dissectortable:remove_all(dissector)
- 11.6.2.9. dissectortable:try(pattern, tvb, pinfo, tree)
- 11.6.2.10. dissectortable:get_dissector(pattern)
- 11.6.2.11. dissectortable:add_for_decode_as(proto)
- 11.6.2.12. dissectortable:__tostring()
- 11.6.3. Pref
- 11.6.4. Prefs
- 11.6.5. Proto
- 11.6.5.1. Proto.new(name, desc)
- 11.6.5.2. proto:__call(name, desc)
- 11.6.5.3. proto:register_heuristic(listname, func)
- 11.6.5.4. proto.dissector
- 11.6.5.5. proto.prefs
- 11.6.5.6. proto.prefs_changed
- 11.6.5.7. proto.init
- 11.6.5.8. proto.name
- 11.6.5.9. proto.description
- 11.6.5.10. proto.fields
- 11.6.5.11. proto.experts
- 11.6.6. ProtoExpert
- 11.6.7. ProtoField
- 11.6.7.1. ProtoField.new(name, abbr, type, [valuestring], [base], [mask], [descr])
- 11.6.7.2. ProtoField.uint8(abbr, [name], [base], [valuestring], [mask], [desc])
- 11.6.7.3. ProtoField.uint16(abbr, [name], [base], [valuestring], [mask], [desc])
- 11.6.7.4. ProtoField.uint24(abbr, [name], [base], [valuestring], [mask], [desc])
- 11.6.7.5. ProtoField.uint32(abbr, [name], [base], [valuestring], [mask], [desc])
- 11.6.7.6. ProtoField.uint64(abbr, [name], [base], [valuestring], [mask], [desc])
- 11.6.7.7. ProtoField.int8(abbr, [name], [base], [valuestring], [mask], [desc])
- 11.6.7.8. ProtoField.int16(abbr, [name], [base], [valuestring], [mask], [desc])
- 11.6.7.9. ProtoField.int24(abbr, [name], [base], [valuestring], [mask], [desc])
- 11.6.7.10. ProtoField.int32(abbr, [name], [base], [valuestring], [mask], [desc])
- 11.6.7.11. ProtoField.int64(abbr, [name], [base], [valuestring], [mask], [desc])
- 11.6.7.12. ProtoField.framenum(abbr, [name], [base], [frametype], [mask], [desc])
- 11.6.7.13. ProtoField.bool(abbr, [name], [display], [valuestring], [mask], [desc])
- 11.6.7.14. ProtoField.absolute_time(abbr, [name], [base], [desc])
- 11.6.7.15. ProtoField.relative_time(abbr, [name], [desc])
- 11.6.7.16. ProtoField.none(abbr, [name], [desc])
- 11.6.7.17. ProtoField.ipv4(abbr, [name], [desc])
- 11.6.7.18. ProtoField.ipv6(abbr, [name], [desc])
- 11.6.7.19. ProtoField.ether(abbr, [name], [desc])
- 11.6.7.20. ProtoField.float(abbr, [name], [desc])
- 11.6.7.21. ProtoField.double(abbr, [name], [desc])
- 11.6.7.22. ProtoField.string(abbr, [name], [desc])
- 11.6.7.23. ProtoField.stringz(abbr, [name], [desc])
- 11.6.7.24. ProtoField.bytes(abbr, [name], [desc])
- 11.6.7.25. ProtoField.ubytes(abbr, [name], [desc])
- 11.6.7.26. ProtoField.guid(abbr, [name], [desc])
- 11.6.7.27. ProtoField.oid(abbr, [name], [desc])
- 11.6.7.28. ProtoField.protocol(abbr, [name], [desc])
- 11.6.7.29. ProtoField.rel_oid(abbr, [name], [desc])
- 11.6.7.30. ProtoField.systemid(abbr, [name], [desc])
- 11.6.7.31. ProtoField.eui64(abbr, [name], [desc])
- 11.6.7.32. protofield:__tostring()
- 11.6.8. Global Functions
- 11.7. Adding information to the dissection tree
- 11.7.1. TreeItem
- 11.7.1.1. treeitem:add_packet_field(protofield, [tvbrange], encoding, [label])
- 11.7.1.2. treeitem:add([protofield], [tvbrange], [value], [label])
- 11.7.1.3. treeitem:add_le([protofield], [tvbrange], [value], [label])
- 11.7.1.4. treeitem:set_text(text)
- 11.7.1.5. treeitem:append_text(text)
- 11.7.1.6. treeitem:prepend_text(text)
- 11.7.1.7. treeitem:add_expert_info([group], [severity], [text])
- 11.7.1.8. treeitem:add_proto_expert_info(expert, [text])
- 11.7.1.9. treeitem:add_tvb_expert_info(expert, tvb, [text])
- 11.7.1.10. treeitem:set_generated([bool])
- 11.7.1.11. treeitem:set_hidden([bool])
- 11.7.1.12. treeitem:set_len(len)
- 11.7.1.13. treeitem:__tostring()
- 11.7.1.14. treeitem.text
- 11.7.1.15. treeitem.visible
- 11.7.1.16. treeitem.generated
- 11.7.1.17. treeitem.hidden
- 11.7.1.18. treeitem.len
- 11.8. Functions for handling packet data
- 11.8.1. ByteArray
- 11.8.1.1. ByteArray.new([hexbytes], [separator])
- 11.8.1.2. ByteArray.tvb(name)
- 11.8.1.3. bytearray:__concat(first, second)
- 11.8.1.4. bytearray:__eq(first, second)
- 11.8.1.5. bytearray:prepend(prepended)
- 11.8.1.6. bytearray:append(appended)
- 11.8.1.7. bytearray:set_size(size)
- 11.8.1.8. bytearray:set_index(index, value)
- 11.8.1.9. bytearray:get_index(index)
- 11.8.1.10. bytearray:len()
- 11.8.1.11. bytearray:subset(offset, length)
- 11.8.1.12. bytearray:base64_decode()
- 11.8.1.13. bytearray:raw([offset], [length])
- 11.8.1.14. bytearray:tohex([lowercase], [separator])
- 11.8.1.15. bytearray:__tostring()
- 11.8.2. Tvb
- 11.8.3. TvbRange
- 11.8.3.1. TvbRange.tvb(range)
- 11.8.3.2. tvbrange:uint()
- 11.8.3.3. tvbrange:le_uint()
- 11.8.3.4. tvbrange:uint64()
- 11.8.3.5. tvbrange:le_uint64()
- 11.8.3.6. tvbrange:int()
- 11.8.3.7. tvbrange:le_int()
- 11.8.3.8. tvbrange:int64()
- 11.8.3.9. tvbrange:le_int64()
- 11.8.3.10. tvbrange:float()
- 11.8.3.11. tvbrange:le_float()
- 11.8.3.12. tvbrange:ipv4()
- 11.8.3.13. tvbrange:le_ipv4()
- 11.8.3.14. tvbrange:ether()
- 11.8.3.15. tvbrange:nstime([encoding])
- 11.8.3.16. tvbrange:le_nstime()
- 11.8.3.17. tvbrange:string([encoding])
- 11.8.3.18. tvbrange:ustring()
- 11.8.3.19. tvbrange:le_ustring()
- 11.8.3.20. tvbrange:stringz([encoding])
- 11.8.3.21. tvbrange:strsize([encoding])
- 11.8.3.22. tvbrange:ustringz()
- 11.8.3.23. tvbrange:le_ustringz()
- 11.8.3.24. tvbrange:bytes([encoding])
- 11.8.3.25. tvbrange:bitfield([position], [length])
- 11.8.3.26. tvbrange:range([offset], [length])
- 11.8.3.27. tvbrange:uncompress(name)
- 11.8.3.28. tvbrange:len()
- 11.8.3.29. tvbrange:offset()
- 11.8.3.30. tvbrange:raw([offset], [length])
- 11.8.3.31. tvbrange:__eq()
- 11.8.3.32. tvbrange:__tostring()
- 11.9. Custom file format reading/writing
- 11.9.1. CaptureInfo
- 11.9.1.1. captureinfo:__tostring()
- 11.9.1.2. captureinfo.encap
- 11.9.1.3. captureinfo.time_precision
- 11.9.1.4. captureinfo.snapshot_length
- 11.9.1.5. captureinfo.comment
- 11.9.1.6. captureinfo.hardware
- 11.9.1.7. captureinfo.os
- 11.9.1.8. captureinfo.user_app
- 11.9.1.9. captureinfo.hosts
- 11.9.1.10. captureinfo.private_table
- 11.9.2. CaptureInfoConst
- 11.9.2.1. captureinfoconst:__tostring()
- 11.9.2.2. captureinfoconst.type
- 11.9.2.3. captureinfoconst.snapshot_length
- 11.9.2.4. captureinfoconst.encap
- 11.9.2.5. captureinfoconst.comment
- 11.9.2.6. captureinfoconst.hardware
- 11.9.2.7. captureinfoconst.os
- 11.9.2.8. captureinfoconst.user_app
- 11.9.2.9. captureinfoconst.hosts
- 11.9.2.10. captureinfoconst.private_table
- 11.9.3. File
- 11.9.4. FileHandler
- 11.9.4.1. FileHandler.new(name, shortname, description, type)
- 11.9.4.2. filehandler:__tostring()
- 11.9.4.3. filehandler.read_open
- 11.9.4.4. filehandler.read
- 11.9.4.5. filehandler.seek_read
- 11.9.4.6. filehandler.read_close
- 11.9.4.7. filehandler.seq_read_close
- 11.9.4.8. filehandler.can_write_encap
- 11.9.4.9. filehandler.write_open
- 11.9.4.10. filehandler.write
- 11.9.4.11. filehandler.write_finish
- 11.9.4.12. filehandler.type
- 11.9.4.13. filehandler.extensions
- 11.9.4.14. filehandler.writing_must_seek
- 11.9.4.15. filehandler.writes_name_resolution
- 11.9.4.16. filehandler.supported_comment_types
- 11.9.5. FrameInfo
- 11.9.6. FrameInfoConst
- 11.9.6.1. frameinfoconst:__tostring()
- 11.9.6.2. frameinfoconst:write_data(file, [length])
- 11.9.6.3. frameinfoconst.time
- 11.9.6.4. frameinfoconst.data
- 11.9.6.5. frameinfoconst.rec_type
- 11.9.6.6. frameinfoconst.flags
- 11.9.6.7. frameinfoconst.captured_length
- 11.9.6.8. frameinfoconst.original_length
- 11.9.6.9. frameinfoconst.encap
- 11.9.6.10. frameinfoconst.comment
- 11.9.7. Global Functions
- 11.10. Directory handling functions
- 11.10.1. Dir
- 11.10.1.1. Dir.make(name)
- 11.10.1.2. Dir.exists(name)
- 11.10.1.3. Dir.remove(name)
- 11.10.1.4. Dir.remove_all(name)
- 11.10.1.5. Dir.open(pathname, [extension])
- 11.10.1.6. Dir.personal_config_path([filename])
- 11.10.1.7. Dir.global_config_path([filename])
- 11.10.1.8. Dir.personal_plugins_path()
- 11.10.1.9. Dir.global_plugins_path()
- 11.10.1.10. dir:__call()
- 11.10.1.11. dir:close()
- 11.11. Utility Functions
- 11.11.1. Global Functions
- 11.11.1.1. get_version()
- 11.11.1.2. set_plugin_info(table)
- 11.11.1.3. format_date(timestamp)
- 11.11.1.4. format_time(timestamp)
- 11.11.1.5. report_failure(text)
- 11.11.1.6. critical(…)
- 11.11.1.7. warn(…)
- 11.11.1.8. message(…)
- 11.11.1.9. info(…)
- 11.11.1.10. debug(…)
- 11.11.1.11. loadfile(filename)
- 11.11.1.12. dofile(filename)
- 11.11.1.13. register_stat_cmd_arg(argument, [action])
- 11.12. Handling 64-bit Integers
- 11.12.1. Int64
- 11.12.1.1. Int64.decode(string, [endian])
- 11.12.1.2. Int64.new([value], [highvalue])
- 11.12.1.3. Int64.max()
- 11.12.1.4. Int64.min()
- 11.12.1.5. Int64.fromhex(hex)
- 11.12.1.6. int64:encode([endian])
- 11.12.1.7. int64:__call()
- 11.12.1.8. int64:tonumber()
- 11.12.1.9. int64:tohex([numbytes])
- 11.12.1.10. int64:higher()
- 11.12.1.11. int64:lower()
- 11.12.1.12. int64:__tostring()
- 11.12.1.13. int64:__unm()
- 11.12.1.14. int64:__add()
- 11.12.1.15. int64:__sub()
- 11.12.1.16. int64:__mul()
- 11.12.1.17. int64:__div()
- 11.12.1.18. int64:__mod()
- 11.12.1.19. int64:__pow()
- 11.12.1.20. int64:__eq()
- 11.12.1.21. int64:__lt()
- 11.12.1.22. int64:__le()
- 11.12.1.23. int64:bnot()
- 11.12.1.24. int64:band()
- 11.12.1.25. int64:bor()
- 11.12.1.26. int64:bxor()
- 11.12.1.27. int64:lshift(numbits)
- 11.12.1.28. int64:rshift(numbits)
- 11.12.1.29. int64:arshift(numbits)
- 11.12.1.30. int64:rol(numbits)
- 11.12.1.31. int64:ror(numbits)
- 11.12.1.32. int64:bswap()
- 11.12.2. UInt64
- 11.12.2.1. UInt64.decode(string, [endian])
- 11.12.2.2. UInt64.new([value], [highvalue])
- 11.12.2.3. UInt64.max()
- 11.12.2.4. UInt64.min()
- 11.12.2.5. UInt64.fromhex(hex)
- 11.12.2.6. uint64:encode([endian])
- 11.12.2.7. uint64:__call()
- 11.12.2.8. uint64:tonumber()
- 11.12.2.9. uint64:__tostring()
- 11.12.2.10. uint64:tohex([numbytes])
- 11.12.2.11. uint64:higher()
- 11.12.2.12. uint64:lower()
- 11.12.2.13. uint64:__unm()
- 11.12.2.14. uint64:__add()
- 11.12.2.15. uint64:__sub()
- 11.12.2.16. uint64:__mul()
- 11.12.2.17. uint64:__div()
- 11.12.2.18. uint64:__mod()
- 11.12.2.19. uint64:__pow()
- 11.12.2.20. uint64:__eq()
- 11.12.2.21. uint64:__lt()
- 11.12.2.22. uint64:__le()
- 11.12.2.23. uint64:bnot()
- 11.12.2.24. uint64:band()
- 11.12.2.25. uint64:bor()
- 11.12.2.26. uint64:bxor()
- 11.12.2.27. uint64:lshift(numbits)
- 11.12.2.28. uint64:rshift(numbits)
- 11.12.2.29. uint64:arshift(numbits)
- 11.12.2.30. uint64:rol(numbits)
- 11.12.2.31. uint64:ror(numbits)
- 11.12.2.32. uint64:bswap()
- 11.13. Binary encode/decode support
- 11.14. GLib Regular Expressions
- 11.14.1. GRegex
- 11.14.1.1. Notes
- 11.14.1.2. GRegex.new(pattern)
- 11.14.1.3. GRegex.flags([table])
- 11.14.1.4. GRegex.compile_flags([table])
- 11.14.1.5. GRegex.match_flags([table])
- 11.14.1.6. GRegex.match(subject, pattern, [init], [cf], [ef])
- 11.14.1.7. GRegex.find(subject, pattern, [init], [cf], [ef])
- 11.14.1.8. GRegex.gmatch(subject, pattern, [init], [cf], [ef])
- 11.14.1.9. GRegex.gsub(subject, pattern, [repl], [max], [cf], [ef])
- 11.14.1.10. GRegex.split(subject, sep, [cf], [ef])
- 11.14.1.11. GRegex.version()
- 11.14.1.12. gregex:match(subject, [init], [ef])
- 11.14.1.13. gregex:find(subject, [init], [ef])
- 11.14.1.14. gregex:exec(subject, [init], [ef])
- 11.14.1.15. gregex:dfa_exec(subject, [init], [ef])
- 11.14.1.16. gregex:__tostring()
- Chapter 12. User Interface
- Chapter 13. This Document’s License (GPL)