Quicklinks: Wireshark: Lua API docs | Lua Examples
Lua scripting allows you to dynamically access info that might not be available in Wireshark normally! Examples will be added at some point.
To use a Lua script with tshark, use the option `-X lua_script:<path/to/script>`.
Obligatory Hello World example, capturing one packet:

```
bash$ echo 'print("Hello World!")' > temp.lua
bash$ tshark -X lua_script:temp.lua -c 1
Hello World!
Capturing on 'Wi-Fi: en0'
1 0.000000 178.33.111.155 → mbp.attlocal.net TLSv1.2 839 Application Data
5 packets dropped from Wi-Fi: en0
1 packet captured
```
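
Beyond Hello World, a script loaded with `-X lua_script:` can register a tap that reads dissected fields from every packet. The following is an added example, not code from the original page; the file name `dns_qnames.lua` is an assumption. It tallies DNS query names per client, which is a quick way to triage a capture for unexpected lookups:

```lua
-- dns_qnames.lua (hypothetical file name): added example, not from the original page.
-- Tallies DNS query names per client and prints a summary when tshark finishes.

-- Field extractors must be created at load time, before any packet is dissected.
local f_qname = Field.new("dns.qry.name")
local f_resp  = Field.new("dns.flags.response")

local counts = {}   -- counts["<src> <qname>"] = number of queries seen

-- Listener on the generic "frame" tap, restricted by a display filter.
local tap = Listener.new("frame", "dns")

-- Called once for every packet that matches the filter.
function tap.packet(pinfo, tvb)
    local resp = f_resp()
    if resp and resp.value then return end   -- skip responses, count queries only
    -- A field extractor returns one FieldInfo per occurrence in the packet.
    for _, fi in ipairs({ f_qname() }) do
        local key = tostring(pinfo.src) .. " " .. tostring(fi.value)
        counts[key] = (counts[key] or 0) + 1
    end
end

-- tshark calls draw() once the capture or file has been fully processed.
function tap.draw()
    local keys = {}
    for k in pairs(counts) do keys[#keys + 1] = k end
    -- Most frequent first; ties broken alphabetically for stable output.
    table.sort(keys, function(a, b)
        if counts[a] ~= counts[b] then return counts[a] > counts[b] end
        return a < b
    end)
    for _, k in ipairs(keys) do
        print(string.format("%6d  %s", counts[k], k))
    end
end

-- Called when the capture is restarted or the file is reloaded.
function tap.reset()
    counts = {}
end
```

Run it over a saved capture with `tshark -q -r capture.pcap -X lua_script:dns_qnames.lua`, where `capture.pcap` is a placeholder file name and `-q` suppresses the per-packet lines so only the summary is printed.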
There are two libraries I came across that are more metaprogramming than Lua dissectors:
I’ve compiled a list of the most popular Lua dissectors on GitHub.
Have a dissector you want added to this list? Has a dissector been merged into Wireshark? Make a pull request.
A ✔ is given for each of the following (in order of importance):
Star/fork counts [★] are from August 2019 and can be converted to an in-browser JavaScript GitHub API query. Repos below are on GitHub and have at least 5 stars. None of these repos have been tested.
Note: Any derivative works of Wireshark MUST use a GPL2-compatible license.
Name | Protocol | D | T | I | R | C | License | Last Updated | ★ | Forks | Lang |
---|---|---|---|---|---|---|---|---|---|---|---|
protobuf_dissector | protobuf | ✔ | ✔ | MIT | 2015-09 | 92 | 43 | Lua | |||
h264extractor | H.264, opus | ✔ | ✔ | ✔ | GPL2 | 2016-06 | 66 | 32 | Lua | ||
SAP-Dissection-plug-in-for-Wireshark | SAP Various | ✔ | ✔ | ✔ | ✔ | ✔ | GPL2 | 2019-05 | 51 | 21 | C |
suriwire | Suricata Alert | ✔ | ✔ | ✔ | ✔ | GPL3 | 2018-06 | 49 | 6 | Lua | |
lightning-dissector | Lightning Network (crypto) | ✔ | ✔ | ✔ | MIT | 2019-05 | 41 | 6 | Lua | ||
ethereum_devp2p_wireshark_dissector | devp2p (crypto) | ✔ | ✗ | 2018-06 | 38 | 5 | Lua | ||||
wireshark-plugins | CAPN PROTO | ✔ | ✔ | ✔ | Apache2 | 2016-08 | 34 | 10 | Lua | ||
cautious-rotary-phone | Erlang Trace | ✔ | Apache2 | 2018-06 | 24 | 2 | Lua | ||||
wireshark-http-extra | HTTP with extras | ✔ | ✔ | ✗ | 2011-09 | 23 | 6 | Lua | |||
wireshark-plugin | Interface for Cloudshark | ✔ | ✔ | ✔ | ✔ | GPL2 | 2019-01 | 20 | 6 | Lua | |
hep-wireshark | HEP3 | ✔ | ✔ | ✔ | GPL2 | 2019-01 | 13 | 8 | Lua | ||
WiresharkLIFXDissector | LIFX | ✔ | GPL3 | 2018-02 | 12 | 0 | Lua | ||||
wireshark-plugin-dash | Dash (crypto) | ✔ | ✔ | ✔ | GPL2 | 2018-10 | 11 | 3 | C | ||
amos-ss16-proj3 | DOIP | ✔ | ✔ | ✔ | ✔ | ✔ | AGPL3 | 2017-01 | 8 | 6 | C |
wireshark-plugin-mqtt | MQTT | ✔ | ✔ | GPL2 | 2014-02 | 8 | 4 | None | |||
wireshark-stomp-plugin | STOMP | ✔ | GPL2 | 2017-05 | 7 | 4 | Lua | ||||
wireshark-plugin-afdx | AFDX | ✔ | ✔ | ✔ | GPL2 | 2019-06 | 6 | 1 | C | ||
tox_decoder | Tox | ✔ | ✗ | 2018-10 | 6 | 2 | C | ||||
wireshark-plugin-rhcs | Redhat Cert Protocols | ✔ | GPL2 | 2014-01 | 5 | 2 | C | ||||
some-ip-dissector | SOME/IP | ✔ | GPL2 | 2019-01 | 5 | 2 | Lua | ||||
lppb | protobuf | ✔ | ✔ | GPL3 | 2016-03 | 5 | 2 | Lua | |||
rfc8450-vc2-dissector | RFC8450 | ✔ | ✔ | GPL2 | 2018-09 | 5 | 0 | Lua |