Using the generated Lua files in Wireshark

These are the steps needed to use a Lua dissector generated by CSjark with Wireshark.

  1. Get the latest version of Wireshark as described in the installation section Wireshark.
  2. Locate the Personal configuration and the Personal Plugins directories. To do this, start Wireshark and click on Help in the menubar and then on About Wireshark. This should bring up the About Wireshark dialog. From there, navigate to the Folders tab. Locate folders Personal configuration and Personal Plugins and note their paths (see below).
About Wireshark - Folders
  • on Linux/Unix system it may be ~/.wireshark/ and ~/.wireshark/plugins/
  • on Windows it may be C:\Users\*YourUserName*\AppData\Roaming\Wireshark\
    and C:\Users\*YourUserName*\AppData\Roaming\Wireshark\plugins\

If the folders does not exist, create them.

  1. Copy CSjark generated file luastructs.lua into the Personal configuration folder located in step 2.

Note

Location of CSjark generated files is given by -o command line argument. More in section Using CSjark.

  1. Copy CSjark generated Lua dissector files into the Personal Plugins folder located in step 2.

  2. Open the file init.lua located in the Personal configuration folder which you found in step 2. Insert the following code:

    dofile("luastructs.lua")
This ensures that the luastructs.lua is loaded before all other Lua scripts. luastructs.lua is a protocol that maps the id of the messages to the correct dissector, and calls them.
  1. Restart Wireshark.
    To check that the scripts are loaded, navigate to Help -> About -> Plugins. The scripts should now appear in the list as “lua script”.
About Wireshark - Plugins

To add further dissectors, only step 4, 5 and 6 needs to be repeated.

For further information on the Lua integration in Wireshark, please visit: Lua Support in Wireshark.