Question

Is there any initial setup that needs to be configured for Wireshark to correctly handle a Lua script in a Mac OSX environment?

Attempted to port the Lua answer to question "How to find out the HTTP header length of a packet?" https://stackoverflow.com/a/5794357/1217670

Was unable to get the Solution to work on a Mac.

The solution did work fine on a Windows XP platform with Wireshark 1.6.7, Lua 5.1.

Running the http_extra.lua script on Mac OSX 10.7.3 with Wireshark 1.6.5, Lua 5.1, the [Header Length (bytes): 917] header field does not appear.
I did enter http.hdr_len in the custom HTTP headers field.

Filtering on http.hdr_len displays nothing.

The http_extra.lua script is placed in the /Applications/Wireshark.app/Contents/Resources/lib/wireshark/plugins directory.
Same results if you move the script to the Personal Plugins Folder.

This is the exact script file which is working perfectly on the Windows XP system.

The About Wireshark Plugins tab lists http_extra.lua as type Lua script.

Testing the script to create an error validates that Wireshark is aware of the script.

I did see a note that you need to set LUA_PATH to the global plugins directory. This had no effect.

Appreciate any suggestions.


Solution 2

The Wireshark - Preference - Protocols - HTTP panel must have all four boxes checked for:

  1. Reassemble HTTP headers spanning multiple TCP segments
  2. Reassemble HTTP bodies spanning multiple TCP segments
  3. Reassemble chunked transfer code bodies
  4. Uncompress entity bodies.

The Mac environment now matches the Windows configuration and it yields the same results, showing the [Header Length (bytes): 917].

Same results whether you put the plugin in the global or local plugin directory.

The Mac OSX Lua plugin directory locations are documented in the About Wireshark panel, Folders tab.

OTHER TIPS

Your personal Wireshark plugins directory on OSX is:

~/.config/wireshark/plugins

For older Wireshark versions it may be:

~/.wireshark/plugins

In your case, put the Lua script in:

~/.config/wireshark/plugins/http_extra.lua

See these posts for more on Lua init paths:

Licensed under: CC-BY-SA with attribution