11.4.1. Listener
A Listener is called once for every packet that matches a specific filter or has a specific tap. It can read the protocol tree, the packet's Tvb buffer and the tapped data, but it cannot add data to the protocol tree.
11.4.1.1. Listener.new([tap], [filter], [allfields])
Creates a new Listener tap object.
Parameters
- tap (optional)
  The name of the tap. See Listener.list() for how to print the valid Listener names.
- filter (optional)
  A display filter applied to the tap, for example "m2tp". The tap.packet function is called for each matched packet. The default value is nil, which matches every packet.
- allfields (optional)
  Whether to generate all fields. The default is false.
  Note: this affects performance.
Return value
- A newly created Listener object.
Possible errors
- tap registration error
11.4.1.2. Listener.list()
Gets a Lua array table containing the names of all registered Listener taps.
Note: this operation is very expensive and should only be used for error checking.
Example 11.4.1.3.
-- Print a list of tap listeners to stdout
for _, tap_name in pairs(Listener.list()) do
    print(tap_name)
end
Return value
- A Lua array table containing all registered tap names.
11.4.1.4. listener:remove()
Removes a tap Listener.
11.4.1.5. listener:__tostring()
Generates a debug information string for the tap Listener.
11.4.1.6. listener.packet
Mode: Assign only
A function that is called once for every packet that matches the Listener's filter.
When later called by Wireshark, the packet function is given the following parameters:
- A Pinfo object
- A Tvb object
- A tapinfo table
function tap.packet(pinfo, tvb, tapinfo) ... end
Note: tapinfo is a table of information based on the Listener type, or nil if there is none.
11.4.1.7. listener.draw
Mode: Assign only
A function that is called every few seconds to redraw GUI objects.
In TShark, this function is called only at the end of each capture file.
When later called by Wireshark, the draw function is not given any arguments.
function tap.draw() ... end
11.4.1.8. listener.reset
Mode: Assign only
A release method that is called only at the end of the capture run.
When later called by Wireshark, the reset function is not given any parameters.
function tap.reset() ... end
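A complete tap that uses packet, draw and reset together, as an added example that is not part of the original documentation: it counts initial TCP SYNs per source address and reports sources that contacted many distinct destination ports. The threshold, the state table layout and the file names in the comments are assumptions made for illustration.

```lua
-- Added example (not from the Wireshark documentation).
-- Run inside Wireshark or TShark, for instance:
--   tshark -q -X lua_script:syn_tap.lua -r capture.pcap
-- syn_tap.lua and capture.pcap are placeholder file names.

local PORT_THRESHOLD = 20   -- assumed cut-off for "many distinct ports"

-- Per-source state: src -> { syns = n, ports = { [port] = true }, nports = n }
local sources = {}

-- "frame" tap plus a display filter: tap.packet is only called for
-- connection-opening SYNs (SYN set, ACK clear).
local tap = Listener.new("frame", "tcp.flags.syn == 1 && tcp.flags.ack == 0")

function tap.packet(pinfo, tvb, tapinfo)
    local src = tostring(pinfo.src)       -- Address object -> string key
    local s = sources[src]
    if not s then
        s = { syns = 0, ports = {}, nports = 0 }
        sources[src] = s
    end
    s.syns = s.syns + 1
    local port = pinfo.dst_port
    if not s.ports[port] then             -- count each destination port once
        s.ports[port] = true
        s.nports = s.nports + 1
    end
end

-- Called periodically in the GUI; in TShark, once at the end of the file.
function tap.draw()
    for src, s in pairs(sources) do
        if s.nports >= PORT_THRESHOLD then
            print(string.format("%-40s syns=%d distinct_dst_ports=%d",
                                src, s.syns, s.nports))
        end
    end
end

-- Drop accumulated state so a new run starts from empty counters.
function tap.reset()
    sources = {}
end
```

Because a Listener cannot add data to the protocol tree, the result is reported through print in tap.draw rather than as tree items.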