lua wireshark wireshark-dissector

Lua script does not print results to wireshark console


So, I have written the following Lua script for my work but it does not show any output in the Wireshark console for TCP at 443.

local plugin = {}

function plugin.init()  --I have initialized the plugins in the function
 
  plugin.rtt = {}
  plugin.window_sizes = {}
  plugin.congestion_window_size = 0
  plugin.slow_start_threshold = 0
  plugin.retransmit_threshold = 0     
  plugin.packet_drops = 0
  plugin.throughput = 0
end

function plugin.process_packet(packet)
 --This is processing every TCP packet

  local rtt = packet:get_tcp_option("tcp_rtt")
  if rtt ~= nil then
    plugin.rtt[#plugin.rtt + 1] = rtt
  end

  local window_size = packet:get_tcp_option("tcp_window_size")
  if window_size ~= nil then
    plugin.window_sizes[#plugin.window_sizes + 1] = window_size
  end

  if packet.tcp.flags.syn then
    
    plugin.congestion_window_size = 2
  else
    
    plugin.congestion_window_size = math.min(plugin.congestion_window_size * 2, math.max(plugin.window_sizes[#plugin.window_sizes - 1], 1))
  end

  if packet.tcp.flags.ack then
    
    plugin.slow_start_threshold = plugin.congestion_window_size + 1
    plugin.retransmit_threshold = plugin.congestion_window_size / 2
  end

  if packet.tcp.flags.rst then
    
    plugin.congestion_window_size = 0
    plugin.packet_drops = 0
  end

  if packet.tcp.flags.fin then
    
    plugin.throughput = plugin.congestion_window_size / plugin.rtt[#plugin.rtt]
  end

  
  print("Results for packet:")
  print("RTT:", rtt)
  print("Congestion Window Size:", plugin.congestion_window_size)
  print("Slow Start Threshold:", plugin.slow_start_threshold)
  print("Retransmit Threshold:", plugin.retransmit_threshold)
  print("Packet Drops:", plugin.packet_drops)
  print("Throughput:", plugin.throughput)
end

function plugin.get_results()
  
  return {
    rtt = plugin.rtt,
    window_sizes = plugin.window_sizes,
    congestion_window_size = plugin.congestion_window_size,
    slow_start_threshold = plugin.slow_start_threshold,
    retransmit_threshold = plugin.retransmit_threshold,
    packet_drops = plugin.packet_drops,
    throughput = plugin.throughput
  }
end

return plugin

I have been trying to fix it for days, but in vain. Where am I wrong?

This Lua script defines a network traffic analysis plugin. It processes TCP packets, and extracts and tracks various TCP-related metrics such as Round-Trip Time (RTT), window sizes, and congestion control parameters. It calculates and updates these metrics based on packet flags and options. The script also computes and prints results like congestion window size, thresholds, packet drops, and throughput for each packet. Finally, it provides a method to retrieve the collected metrics and results from the plugin. The main focus is on analyzing and monitoring TCP behaviour within a network.


Solution

  • You seem to have attempted to write a Wireshark Lua postdissector, but you didn't register it, nor did you implement it correctly. There's too much wrong to correct here, so I would suggest that you [re]read through the relevant pages of the Wireshark Developer's Guide (basically, chapters 10-11), and maybe consult some postdissector examples on the Wireshark Examples page, Wireshark Contrib page or examples from other places, such as Peter Wu's example.
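
A registered postdissector of the kind the answer refers to, as an added example that is not part of the original question or answer. It reads values the built-in TCP dissector already computes instead of calling methods on a packet object. The protocol name "tcpmetrics", its field names and the PORT constant are hypothetical; the tcp.analysis.* fields assume the TCP preference "Analyze TCP sequence numbers" is left enabled.

```lua
-- Added illustration. Load with: tshark -X lua_script:tcp_metrics.lua -r <capture>
-- Field extractors must be created at load time, outside the dissector function.
local f_srcport = Field.new("tcp.srcport")
local f_dstport = Field.new("tcp.dstport")
local f_window  = Field.new("tcp.window_size")              -- scaled window from the TCP dissector
local f_ack_rtt = Field.new("tcp.analysis.ack_rtt")         -- only present on some ACKs
local f_retrans = Field.new("tcp.analysis.retransmission")  -- only present on retransmissions

-- Hypothetical protocol and field names chosen for this example.
local proto     = Proto("tcpmetrics", "TCP Metrics (example postdissector)")
local pf_window = ProtoField.uint32("tcpmetrics.window", "Window size")
local pf_rtt    = ProtoField.string("tcpmetrics.ack_rtt", "ACK RTT")
proto.fields    = { pf_window, pf_rtt }

local PORT = 443
local retransmissions = 0

function proto.init()      -- called by Wireshark whenever a capture is (re)loaded
  retransmissions = 0
end

function proto.dissector(tvb, pinfo, tree)
  local src, dst = f_srcport(), f_dstport()
  if not src or not dst then return end                  -- not a TCP packet
  if src.value ~= PORT and dst.value ~= PORT then return end

  local window, rtt = f_window(), f_ack_rtt()
  local subtree = tree:add(proto, "TCP metrics")
  if window then subtree:add(pf_window, window.value) end
  if rtt then subtree:add(pf_rtt, tostring(rtt)) end

  -- Count and print only on the first pass, so redissection does not repeat output.
  if not pinfo.visited then
    if f_retrans() then retransmissions = retransmissions + 1 end
    print(string.format("frame %d window=%s ack_rtt=%s retransmissions=%d",
      pinfo.number, window and tostring(window.value) or "n/a",
      rtt and tostring(rtt) or "n/a", retransmissions))
  end
end

-- Without this call Wireshark never invokes the dissector function.
register_postdissector(proto)
```

The print output goes to the terminal Wireshark or tshark was started from; the same values also appear in the packet details pane under "TCP metrics".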