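Wireshark Developer's Guide
Preface
1. Foreword
2. Who should read this document?
3. Acknowledgements
4. About this document
5. Where to get the latest copy of this document?
6. Providing feedback about this document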
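Part I. Wireshark Build Environment
Chapter 1. Introduction
1.1 Introduction
1.2 What is Wireshark?
1.3 Supported platforms
1.3.1 Unix
1.3.2 Linux
1.3.3 Microsoft Windows
1.4 Development and maintenance of Wireshark
1.4.1 Programming languages used
1.4.2 Open source software
1.5 Releases and distributions
1.5.1 Binary distributions
1.5.2 Source code distributions
1.6 Automated builds (Buildbot)
1.6.1 Advantages
1.6.2 What is Buildbot?
1.7 Reporting problems and getting help
1.7.1 Website
1.7.2 Wiki
1.7.3 FAQ
1.7.4 Other sources
1.7.5 Mailing lists
1.7.6 Bug database (Bugzilla)
1.7.7 Q&A site
1.7.8 Reporting problems
1.7.9 Reporting crashes on UNIX/Linux platforms
1.7.10 Reporting crashes on Windows platforms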
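Chapter 2. Quick Setup
2.1 UNIX: Installation
2.2 Win32/64: Step-by-step guide
2.2.1 Install PowerShell
2.2.2 Optional: Install Chocolatey
2.2.3 Install the Microsoft C compiler and SDK
2.2.4 Install Qt
2.2.5 Install Cygwin
2.2.6 Install Python
2.2.7 Install Git
2.2.7.1 The official Windows installer
2.2.7.2 Git Extensions
2.2.7.3 TortoiseGit
2.2.7.4 Command-line client via Chocolatey
2.2.7.5 Others
2.2.8 Install CMake
2.2.9 Install and prepare the sources
2.2.10 Open a Visual Studio Command Prompt
2.2.11 Generate the build files
2.2.12 Build Wireshark
2.2.13 Debug environment setup
2.2.14 Optional: Create the User's and Developer's Guide
2.2.15 Optional: Create a Wireshark installer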
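Chapter 3. Working with the Wireshark Sources
3.1 Introduction
3.2 The Wireshark Git repository
3.2.1 Accessing the Git repository through the web interface
3.3 Obtaining the Wireshark sources
3.3.1 Git over SSH or HTTPS
3.3.2 Git web interface
3.3.3 Buildbot snapshots
3.3.4 Released sources
3.4 Updating the Wireshark sources
3.4.1 Updating using Git
3.4.2 Updating using source archives
3.5 Building Wireshark
3.5.1 Unix-based
3.5.2 Win32 native
3.6 Running the generated Wireshark
3.6.1 Unix/Linux
3.6.2 Win32 native
3.7 Debugging the generated Wireshark
3.7.1 Unix/Linux
3.7.2 Win32 native
3.8 Making changes to the Wireshark sources
3.9 Contributing your changes
3.9.1 Some tips for a good patch
3.9.2 Code requirements
3.9.3 Uploading your changes
3.9.4 Backporting a change
3.10 Applying a patch from someone else
3.10.1 Using patch
3.11 Binary packaging
3.11.1 Debian: .deb packages
3.11.2 Red Hat: .rpm packages
3.11.3 OS X: .dmg packages
3.11.4 Win32: NSIS .exe installer
3.11.5 Win32: PortableApps .paf.exe package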
Chapter 4. Tool Reference
4.1 Introduction
4.2 Windows PowerShell
4.3 Chocolatey
4.4 Windows: Cygwin
4.4.1 Installing Cygwin using the Cygwin installer
4.4.2 Adding/updating/removing Cygwin packages
4.4.3 Installing Cygwin using Chocolatey
4.5 GNU compiler toolchain (UNIX only)
4.5.1 gcc (GNU Compiler Collection)
4.5.2 gdb (GNU project debugger)
4.5.3 ddd (GNU Data Display Debugger)
4.5.4 make (GNU Make)
4.6 Microsoft compiler toolchain (Windows native)
4.6.1 Toolchain package alternatives
4.6.2 cl.exe (C compiler)
4.6.3 link.exe (linker)
4.6.4 C-Runtime "Redistributable" files
4.6.4.1 msvcr120.dll / vcredist_x86.exe / vcredist_x64.exe - Version 12.0 (2013)
4.6.5 Windows (Platform) SDK
4.6.6 HTML Help
4.6.6.1 HTML Help compiler (hhc.exe)
4.6.6.2 HTML Help build files (htmlhelp.c / htmlhelp.lib)
4.6.7 Debugger
4.6.7.1 Visual Studio integrated debugger
4.6.7.2 Debugging Tools for Windows
4.7 bash
4.7.1 UNIX and Cygwin: GNU bash
4.7.2 Windows native:
4.8 Python
4.9 Perl
4.9.1 UNIX and Cygwin: Perl
4.10 sed
4.10.1 UNIX and Cygwin: sed
4.10.2 Windows native: sed
4.11 Bison
4.11.1 UNIX or Cygwin: Bison
4.11.2 Windows native: Win flex-bison and bison
4.12 Flex
4.12.1 UNIX or Cygwin: flex
4.12.2 Windows native: Win flex-bison and flex
4.13 Git client
4.13.1 UNIX or Cygwin: git
4.13.2 Windows native: git
4.14 Git PowerShell extensions (optional)
4.15 Git GUI client (optional)
4.16 patch (optional)
4.16.1 UNIX and Cygwin: patch
4.16.2 Windows native: patch
4.17 Windows: NSIS (optional)
4.18 Windows: PortableApps (optional)
Chapter 5. Library Reference
5.1 Introduction
5.2 Binary library formats
5.2.1 Unix
5.2.2 Win32: MSVC
5.2.3 Win32: cygwin gcc
5.3 Win32: Automated library download
5.4 Qt
5.4.1 Unix
5.4.2 Win32 MSVC
5.5 GTK+/GLib/GDK/Pango/ATK/GNU gettext/GNU libiconv
5.5.1 Unix
5.5.2 Win32 MSVC
5.6 SMI (optional)
5.6.1 Unix
5.6.2 Win32 MSVC
5.7 c-ares (optional)
5.7.1 Unix
5.7.2 Win32 MSVC
5.8 zlib (optional)
5.8.1 Unix
5.8.2 Win32 MSVC
5.9 libpcap/WinPcap (optional)
5.9.1 Unix: libpcap
5.9.2 Win32 MSVC: WinPcap
5.10 GnuTLS (optional)
5.10.1 Unix
5.10.2 Win32 MSVC
5.11 Gcrypt (optional)
5.11.1 Unix
5.11.2 Win32 MSVC
5.12 Kerberos (optional)
5.12.1 Unix
5.12.2 Win32 MSVC
5.13 LUA (optional)
5.13.1 Unix
5.13.2 Win32 MSVC
5.14 PortAudio (optional)
5.14.1 Unix
5.14.2 Win32 MSVC
5.15 GeoIP (optional)
5.15.1 UNIX
5.15.2 Win32 MSVC
5.16 WinSparkle (optional)
5.16.1 Win32 MSVC
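Part II. Wireshark Development
Chapter 6. How Wireshark Works
6.1 Introduction
6.2 Overview
6.3 Capturing packets
6.4 Capture files
6.5 Dissecting packets
Chapter 7. Introduction
7.1 Source overview
7.2 Coding style
7.3 The GLib library
Chapter 8. Packet Capturing
8.1 How to add a new capture type to libpcap
Chapter 9. Packet Dissection
9.1 How it works
9.2 Adding a basic dissector
9.2.1 Setting up the dissector
9.2.2 Dissecting the details of the protocol
9.2.3 Improving the dissection information
9.3 How to handle transformed data
9.4 How to reassemble split packets
9.4.1 How to reassemble split UDP packets
9.4.2 How to reassemble split TCP packets
9.5 How to tap protocols
9.6 How to produce protocol statistics
9.7 How to use conversations
9.8 idl2wrs: Creating dissectors from CORBA IDL files
9.8.1 What is it?
9.8.2 Why do this?
9.8.3 How to use idl2wrs
9.8.4 TODO
9.8.5 Limitations
9.8.6 Notes
Chapter 10. Lua Support in Wireshark
10.1 Introduction
10.2 Example of a dissector written in Lua
10.3 Example of a listener written in Lua
Chapter 11. Wireshark's Lua API Reference Manual
11.1 Saving capture files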
11.1.1 Dumper
11.1.1.1 Dumper.new(filename,[filetype],[encap])
11.1.1.2 dumper:close()
11.1.1.3 dumper:flush()
11.1.1.4 dumper:dump(timestamp,pseudoheader,bytearray)
11.1.1.5 dumper:new_for_current([filetype])
11.1.1.6 dumper:dump_current()
11.1.2 PseudoHeader
11.1.2.1 PseudoHeader.none()
11.1.2.2 PseudoHeader.eth([fcslen])
11.1.2.3 PseudoHeader.atm([aal],[vpi],[vci],[channel],[cells],[aal5u2u],[aal5len])
11.1.2.4 PseudoHeader.mtp2([sent],[annexa],[linknum])
11.2 Obtaining dissection data
11.2.1 Field
11.2.1.1 Field.new(fieldname)
11.2.1.2 Field.list()
11.2.1.3 field:_call()
11.2.1.4 field:_tostring()
11.2.1.5 field.name
11.2.1.6 field.display
11.2.1.7 field.type
11.2.2 FieldInfo
11.2.2.1 fieldinfo:_len()
11.2.2.2 fieldinfo:_unm()
11.2.2.3 fieldinfo:_call()
11.2.2.4 fieldinfo:_tostring()
11.2.2.5 fieldinfo:_eq()
11.2.2.6 fieldinfo:_le()
11.2.2.7 fieldinfo:_lt()
11.2.2.8 fieldinfo.len
11.2.2.9 fieldinfo.offset
11.2.2.10 fieldinfo.value
11.2.2.11 fieldinfo.label
11.2.2.12 fieldinfo.display
11.2.2.13 fieldinfo.type
11.2.2.14 fieldinfo.source
11.2.2.15 fieldinfo.range
11.2.2.16 fieldinfo.generated
11.2.2.17 fieldinfo.hidden
11.2.2.18 fieldinfo.is_url
11.2.2.19 fieldinfo.little_endian
11.2.2.20 fieldinfo.big_endian
11.2.2.21 fieldinfo.name
11.2.3 Global functions
11.2.3.1 all_field_infos()
11.3 GUI support
11.3.1 ProgDlg
11.3.1.1 ProgDlg.new([title],[task])
11.3.1.2 progdlg:update(progress,[task])
11.3.1.3 progdlg:stopped()
11.3.1.4 progdlg:close()
11.3.2 TextWindow
11.3.2.1 TextWindow.new([title])
11.3.2.2 textwindow:set_atclose(action)
11.3.2.3 textwindow:set(text)
11.3.2.4 textwindow:append(text)
11.3.2.5 textwindow:prepend(text)
11.3.2.6 textwindow:clear()
11.3.2.7 textwindow:get_text()
11.3.2.8 textwindow:close()
11.3.2.9 textwindow:set_editable([editable])
11.3.2.10 textwindow:add_button(label,function)
11.3.3 Global functions
11.3.3.1 gui_enabled()
11.3.3.2 register_menu(name, action, [group])
11.3.3.3 new_dialog(title, action, ...)
11.3.3.4 retap_packets()
11.3.3.5 copy_to_clipboard(text)
11.3.3.6 open_capture_file(filename,filter)
11.3.3.7 get_filter()
11.3.3.8 set_filter(text)
11.3.3.9 set_color_filter_slot(row,text)
11.3.3.10 apply_filter()
11.3.3.11 reload()
11.3.3.12 reload_packets()
11.3.3.13 reload_lua_plugins()
11.3.3.14 browser_open_url(url)
11.3.3.15 browser_open_data_file(filename)
11.4 Post-dissection packet analysis
11.4.1 Listener
11.4.1.1 Listener.new([tap],[filter],[allfields])
11.4.1.2 Listener.list()
11.4.1.3 listener:remove()
11.4.1.4 listener:_tostring()
11.4.1.5 listener.packet
11.4.1.6 listener.draw
11.4.1.7 listener.reset
11.5 Obtaining packet information
11.5.1 Address
11.5.1.1 Address.ip(hostname)
11.5.1.2 Address.ipv6(hostname)
11.5.1.3 address:_tostring()
11.5.1.4 address:_eq()
11.5.1.5 address:_le()
11.5.1.6 address:_lt()
11.5.2 column
11.5.2.1 column:_tostring()
11.5.2.2 column:clear()
11.5.2.3 column:set(text)
11.5.2.4 column:append(text)
11.5.2.5 column:prepend(text)
11.5.2.6 column:fence()
11.5.2.7 column:clear_fence()
11.5.3 columns
11.5.3.1 columns:_tostring()
11.5.3.2 columns:_newindex(column,text)
11.5.3.3 columns:_index()
11.5.4 NSTime
11.5.4.1 NSTime.new([seconds],[nseconds])
11.5.4.2 nstime:_call([seconds],[nseconds])
11.5.4.3 nstime:_tostring()
11.5.4.4 nstime:_add()
11.5.4.5 nstime:_sub()
11.5.4.6 nstime:_unm()
11.5.4.7 nstime:_eq()
11.5.4.8 nstime:_le()
11.5.4.9 nstime:_lt()
11.5.4.10 nstime.secs
11.5.4.11 nstime.nsecs
11.5.5 Pinfo
11.5.5.1 pinfo.visited
11.5.5.2 pinfo.number
11.5.5.3 pinfo.len
11.5.5.4 pinfo.caplen
11.5.5.5 pinfo.abs_ts
11.5.5.6 pinfo.rel_ts
11.5.5.7 pinfo.delta_ts
11.5.5.8 pinfo.delta_dis_ts
11.5.5.9 pinfo.circuit_id
11.5.5.10 pinfo.curr_proto
11.5.5.11 pinfo.can_desegment
11.5.5.12 pinfo.desegment_len
11.5.5.13 pinfo.desegment_offset
11.5.5.14 pinfo.fragmented
11.5.5.15 pinfo.in_error_pkt
11.5.5.16 pinfo.match_uint
11.5.5.17 pinfo.match_string
11.5.5.18 pinfo.port_type
11.5.5.19 pinfo.src_port
11.5.5.20 pinfo.dst_port
11.5.5.21 pinfo.dl_src
11.5.5.22 pinfo.dl_dst
11.5.5.23 pinfo.net_src
11.5.5.24 pinfo.net_dst
11.5.5.25 pinfo.src
11.5.5.26 pinfo.dst
11.5.5.27 pinfo.match
11.5.5.28 pinfo.columns
11.5.5.29 pinfo.cols
11.5.5.30 pinfo.private
11.5.5.31 pinfo.hi
11.5.5.32 pinfo.lo
11.5.5.33 pinfo.conversation
11.5.6 PrivateTable
11.5.6.1 privatetable:_tostring()
11.6 Functions for new protocols and dissectors
11.6.1 Dissector
11.6.1.1 Dissector.get(name)
11.6.1.2 Dissector.list()
11.6.1.3 Dissector:call(tvb,pinfo,tree)
11.6.1.4 Dissector:_call(tvb,pinfo,tree)
11.6.1.5 Dissector:_tostring()
11.6.2 DissectorTable
11.6.2.1 DissectorTable.new(tablename,[uiname],[type],[base])
11.6.2.2 DissectorTable.list()
11.6.2.3 DissectorTable.heuristic_list()
11.6.2.4 DissectorTable.get(tablename)
11.6.2.5 dissectortable:add(pattern,dissector)
11.6.2.6 dissectortable:set(pattern,dissector)
11.6.2.7 dissectortable:remove(pattern,dissector)
11.6.2.8 dissectortable:remove_all(dissector)
11.6.2.9 dissectortable:try(pattern,tvb,pinfo,tree)
11.6.2.10 dissectortable:get_dissector(pattern)
11.6.2.11 dissectortable:add_for_decode_as(proto)
11.6.2.12 dissectortable:_tostring()
11.6.3 Pref
11.6.3.1 Pref.bool(label,default,descr)
11.6.3.2 Pref.uint(label,default,descr)
11.6.3.3 Pref.string(label,default,descr)
11.6.3.4 Pref.enum(label,default,descr,enum,radio)
11.6.3.5 Pref.range(label,default,descr,max)
11.6.3.6 Pref.statictext(label,descr)
11.6.4 Prefs
11.6.4.1 prefs:_newindex(name,pref)
11.6.4.2 prefs:_index(name)
11.6.5 Proto
11.6.5.1 Proto.new(name,desc)
11.6.5.2 proto:_call(name,desc)
11.6.5.3 proto:register_heuristic(listname,func)
11.6.5.4 proto.dissector
11.6.5.5 proto.prefs
11.6.5.6 proto.prefs_changed
11.6.5.7 proto.init
11.6.5.8 proto.name
11.6.5.9 proto.description
11.6.5.10 proto.fields
11.6.5.11 proto.experts
11.6.6 ProtoExpert
11.6.6.1 ProtoExpert.new(abbr,text,group,severity)
11.6.6.2 protoexpert:_tostring()
11.6.7 ProtoField
11.6.7.1 ProtoField.new(name,abbr,type,[valuestring],[base],[mask],[descr])
11.6.7.2 ProtoField.uint8(abbr,[name],[base],[valuestring],[mask],[desc])
11.6.7.3 ProtoField.uint16(abbr,[name],[base],[valuestring],[mask],[desc])
11.6.7.4 ProtoField.uint24(abbr,[name],[base],[valuestring],[mask],[desc])
11.6.7.5 ProtoField.uint32(abbr,[name],[base],[valuestring],[mask],[desc])
11.6.7.6 ProtoField.uint64(abbr,[name],[base],[valuestring],[mask],[desc])
11.6.7.7 ProtoField.int8(abbr,[name],[base],[valuestring],[mask],[desc])
11.6.7.8 ProtoField.int16(abbr,[name],[base],[valuestring],[mask],[desc])
11.6.7.9 ProtoField.int24(abbr,[name],[base],[valuestring],[mask],[desc])
11.6.7.10 ProtoField.int32(abbr,[name],[base],[valuestring],[mask],[desc])
11.6.7.11 ProtoField.int64(abbr,[name],[base],[valuestring],[mask],[desc])
11.6.7.12 ProtoField.framenum(abbr,[name],[base],[frametype],[mask],[desc])
11.6.7.13 ProtoField.bool(abbr,[name],[display],[valuestring],[mask],[desc])
11.6.7.14 ProtoField.absolute_time(abbr,[name],[base],[desc])
11.6.7.15 ProtoField.relative_time(abbr,[name],[desc])
11.6.7.16 ProtoField.none(abbr,[name],[desc])
11.6.7.17 ProtoField.ipv4(abbr,[name],[desc])
11.6.7.18 ProtoField.ipv6(abbr,[name],[desc])
11.6.7.19 ProtoField.ether(abbr,[name],[desc])
11.6.7.20 ProtoField.float(abbr,[name],[desc])
11.6.7.21 ProtoField.double(abbr,[name],[desc])
11.6.7.22 ProtoField.string(abbr,[name],[desc])
11.6.7.23 ProtoField.stringz(abbr,[name],[desc])
11.6.7.24 ProtoField.bytes(abbr,[name],[desc])
11.6.7.25 ProtoField.ubytes(abbr,[name],[desc])
11.6.7.26 ProtoField.guid(abbr,[name],[desc])
11.6.7.27 ProtoField.oid(abbr,[name],[desc])
11.6.7.28 ProtoField.protocol(abbr,[name],[desc])
11.6.7.29 ProtoField.rel_oid(abbr,[name],[desc])
11.6.7.30 ProtoField.systemid(abbr,[name],[desc])
11.6.7.31 ProtoField.eui64(abbr,[name],[desc])
11.6.7.32 protofield:_tostring()
11.6.8 Global functions
11.6.8.1 register_postdissector(proto,[allfields])
11.6.8.2 dissect_tcp_pdus(tvb,tree,min_header_size,get_len_func,dissect_func,[desegment])
11.7 Adding information to the dissection tree
11.7.1 TreeItem
11.7.1.1 treeitem:add_packet_field(protofield,[tvbrange],encoding,[label])
11.7.1.2 treeitem:add([protofield],[tvbrange],[value],[label])
11.7.1.3 treeitem:add_le([protofield],[tvbrange],[value],[label])
11.7.1.4 treeitem:set_text(text)
11.7.1.5 treeitem:append_text(text)
11.7.1.6 treeitem:prepend_text(text)
11.7.1.7 treeitem:add_expert_info([group],[severity],[text])
11.7.1.8 treeitem:add_proto_expert_info(expert,[text])
11.7.1.9 treeitem:add_tvb_expert_info(expert,tvb,[text])
11.7.1.10 treeitem:set_generated([bool])
11.7.1.11 treeitem:set_hidden([bool])
11.7.1.12 treeitem:set_len(len)
11.7.1.13 treeitem:_tostring()
11.7.1.14 treeitem.text
11.7.1.15 treeitem.visible
11.7.1.16 treeitem.generated
11.7.1.17 treeitem.hidden
11.7.1.18 treeitem.len
11.8 Functions for handling packet data
11.8.1 ByteArray
11.8.1.1 ByteArray.new([hexbytes],[separator])
11.8.1.2 bytearray:_concat(first,second)
11.8.1.3 bytearray:_eq(first,second)
11.8.1.4 bytearray:prepend(prepended)
11.8.1.5 bytearray:append(appended)
11.8.1.6 bytearray:set_size(size)
11.8.1.7 bytearray:set_index(index,value)
11.8.1.8 bytearray:get_index(index)
11.8.1.9 bytearray:len()
11.8.1.10 bytearray:subset(offset,length)
11.8.1.11 bytearray:base64_decode()
11.8.1.12 bytearray:raw([offset],[length])
11.8.1.13 bytearray:tohex([lowercase],[separator])
11.8.1.14 bytearray:_tostring()
11.8.1.15 bytearray:tvb(name)
11.8.2 Tvb
11.8.2.1 tvb:_tostring()
11.8.2.2 tvb:reported_len()
11.8.2.3 tvb:len()
11.8.2.4 tvb:reported_length_remaining()
11.8.2.5 tvb:bytes([offset],[length])
11.8.2.6 tvb:offset()
11.8.2.7 tvb:_call()
11.8.2.8 tvb:range([offset],[length])
11.8.2.9 tvb:raw([offset],[length])
11.8.2.10 tvb:_eq()
11.8.3 TvbRange
11.8.3.1 tvbrange:tvb()
11.8.3.2 tvbrange:uint()
11.8.3.3 tvbrange:le_uint()
11.8.3.4 tvbrange:uint64()
11.8.3.5 tvbrange:le_uint64()
11.8.3.6 tvbrange:int()
11.8.3.7 tvbrange:le_int()
11.8.3.8 tvbrange:int64()
11.8.3.9 tvbrange:le_int64()
11.8.3.10 tvbrange:float()
11.8.3.11 tvbrange:le_float()
11.8.3.12 tvbrange:ipv4()
11.8.3.13 tvbrange:le_ipv4()
11.8.3.14 tvbrange:ipv6()
11.8.3.15 tvbrange:ether()
11.8.3.16 tvbrange:nstime([encoding])
11.8.3.17 tvbrange:le_nstime()
11.8.3.18 tvbrange:string([encoding])
11.8.3.19 tvbrange:ustring()
11.8.3.20 tvbrange:le_ustring()
11.8.3.21 tvbrange:stringz([encoding])
11.8.3.22 tvbrange:strsize([encoding])
11.8.3.23 tvbrange:ustringz()
11.8.3.24 tvbrange:le_ustringz()
11.8.3.25 tvbrange:bytes([encoding])
11.8.3.26 tvbrange:bitfield([position],[length])
11.8.3.27 tvbrange:range([offset],[length])
11.8.3.28 tvbrange:uncompress(name)
11.8.3.29 tvbrange:len()
11.8.3.30 tvbrange:offset()
11.8.3.31 tvbrange:raw([offset],[length])
11.8.3.32 tvbrange:_eq()
11.8.3.33 tvbrange:_tostring()
11.9 Custom file format reading/writing
11.9.1 CaptureInfo
11.9.1.1 captureinfo:_tostring()
11.9.1.2 captureinfo.encap
11.9.1.3 captureinfo.time_precision
11.9.1.4 captureinfo.snapshot_length
11.9.1.5 captureinfo.comment
11.9.1.6 captureinfo.hardware
11.9.1.7 captureinfo.os
11.9.1.8 captureinfo.user_app
11.9.1.9 captureinfo.hosts
11.9.1.10 captureinfo.private_table
11.9.2 CaptureInfoConst
11.9.2.1 captureinfoconst:_tostring()
11.9.2.2 captureinfoconst.type
11.9.2.3 captureinfoconst.snapshot_length
11.9.2.4 captureinfoconst.encap
11.9.2.5 captureinfoconst.comment
11.9.2.6 captureinfoconst.hardware
11.9.2.7 captureinfoconst.os
11.9.2.8 captureinfoconst.user_app
11.9.2.9 captureinfoconst.hosts
11.9.2.10 captureinfoconst.private_table
11.9.3 File
11.9.3.1 file:read()
11.9.3.2 file:seek()
11.9.3.3 file:lines()
11.9.3.4 file:write()
11.9.3.5 file:_tostring()
11.9.3.6 file.compressed
11.9.4 FileHandler
11.9.4.1 FileHandler.new(name, shortname, description, type)
11.9.4.2 filehandler:_tostring()
11.9.4.3 filehandler.read_open
11.9.4.4 filehandler.read
11.9.4.5 filehandler.seek_read
11.9.4.6 filehandler.read_close
11.9.4.7 filehandler.seq_read_close
11.9.4.8 filehandler.can_write_encap
11.9.4.9 filehandler.write_open
11.9.4.10 filehandler.write
11.9.4.11 filehandler.write_finish
11.9.4.12 filehandler.type
11.9.4.13 filehandler.extensions
11.9.4.14 filehandler.writing_must_seek
11.9.4.15 filehandler.writes_name_resolution
11.9.4.16 filehandler.supported_comment_types
11.9.5 FrameInfo
11.9.5.1 frameinfo:_tostring()
11.9.5.2 frameinfo:read_data(file,length)
11.9.5.3 frameinfo.time
11.9.5.4 frameinfo.data
11.9.5.5 frameinfo.rec_type
11.9.5.6 frameinfo.flags
11.9.5.7 frameinfo.captured_length
11.9.5.8 frameinfo.original_length
11.9.5.9 frameinfo.encap
11.9.5.10 frameinfo.comment
11.9.6 FrameInfoConst
11.9.6.1 frameinfoconst:_tostring()
11.9.6.2 frameinfoconst:write_data(file,[length])
11.9.6.3 frameinfoconst.time
11.9.6.4 frameinfoconst.data
11.9.6.5 frameinfoconst.rec_type
11.9.6.6 frameinfoconst.flags
11.9.6.7 frameinfoconst.captured_length
11.9.6.8 frameinfoconst.original_length
11.9.6.9 frameinfoconst.encap
11.9.6.10 frameinfoconst.comment
11.9.7 Global functions
11.9.7.1 register_filehandler(filehandler)
11.9.7.2 deregister_filehandler(filehandler)
11.10 Directory handling functions
11.10.1 Dir
11.10.1.1 Dir.make(name)
11.10.1.2 Dir.exists(name)
11.10.1.3 Dir.remove(name)
11.10.1.4 Dir.remove_all(name)
11.10.1.5 Dir.open(pathname,[extension])
11.10.1.6 Dir.personal_config_path([filename])
11.10.1.7 Dir.global_config_path([filename])
11.10.1.8 Dir.personal_plugins_path()
11.10.1.9 Dir.global_plugins_path()
11.10.1.10 dir:_call()
11.10.1.11 dir:close()
11.11 Utility functions
11.11.1 Global functions
11.11.1.1 get_version()
11.11.1.2 set_plugin_info(table)
11.11.1.3 format_date(timestamp)
11.11.1.4 format_time(timestamp)
11.11.1.5 report_failure(text)
11.11.1.6 critical(...)
11.11.1.7 warn(...)
11.11.1.8 message(...)
11.11.1.9 info(...)
11.11.1.10 debug(...)
11.11.1.11 loadfile(filename)
11.11.1.12 dofile(filename)
11.11.1.13 register_stat_cmd_arg(argument,[action])
11.12 Handling 64-bit integers
11.12.1 Int64
11.12.1.1 Int64.decode(string,[endian])
11.12.1.2 Int64.new([value],[highvalue])
11.12.1.3 Int64.max()
11.12.1.4 Int64.min()
11.12.1.5 Int64.fromhex(hex)
11.12.1.6 int64:encode([endian])
11.12.1.7 int64:_call()
11.12.1.8 int64:tonumber()
11.12.1.9 int64:tohex([numbytes])
11.12.1.10 int64:higher()
11.12.1.11 int64:lower()
11.12.1.12 int64:_tostring()
11.12.1.13 int64:_unm()
11.12.1.14 int64:_add()
11.12.1.15 int64:_sub()
11.12.1.16 int64:_mul()
11.12.1.17 int64:_div()
11.12.1.18 int64:_mod()
11.12.1.19 int64:_pow()
11.12.1.20 int64:_eq()
11.12.1.21 int64:_lt()
11.12.1.22 int64:_le()
11.12.1.23 int64:bnot()
11.12.1.24 int64:band()
11.12.1.25 int64:bor()
11.12.1.26 int64:bxor()
11.12.1.27 int64:lshift(numbits)
11.12.1.28 int64:rshift(numbits)
11.12.1.29 int64:arshift(numbits)
11.12.1.30 int64:rol(numbits)
11.12.1.31 int64:ror(numbits)
11.12.1.32 int64:bswap()
11.12.2 UInt64
11.12.2.1 UInt64.decode(string,[endian])
11.12.2.2 UInt64.new([value],[highvalue])
11.12.2.3 UInt64.max()
11.12.2.4 UInt64.min()
11.12.2.5 UInt64.fromhex(hex)
11.12.2.6 uint64:encode([endian])
11.12.2.7 uint64:_call()
11.12.2.8 uint64:tonumber()
11.12.2.9 uint64:_tostring()
11.12.2.10 uint64:tohex([numbytes])
11.12.2.11 uint64:higher()
11.12.2.12 uint64:lower()
11.12.2.13 uint64:_unm()
11.12.2.14 uint64:_add()
11.12.2.15 uint64:_sub()
11.12.2.16 uint64:_mul()
11.12.2.17 uint64:_div()
11.12.2.18 uint64:_mod()
11.12.2.19 uint64:_pow()
11.12.2.20 uint64:_eq()
11.12.2.21 uint64:_lt()
11.12.2.22 uint64:_le()
11.12.2.23 uint64:bnot()
11.12.2.24 uint64:band()
11.12.2.25 uint64:bor()
11.12.2.26 uint64:bxor()
11.12.2.27 uint64:lshift(numbits)
11.12.2.28 uint64:rshift(numbits)
11.12.2.29 uint64:arshift(numbits)
11.12.2.30 uint64:rol(numbits)
11.12.2.31 uint64:ror(numbits)
11.12.2.32 uint64:bswap()
11.13 Binary encode/decode support
11.13.1 Struct
11.13.1.1 Struct.pack(format,value)
11.13.1.2 Struct.unpack(format,struct,[begin])
11.13.1.3 Struct.size(format)
11.13.1.4 Struct.values(format)
11.13.1.5 Struct.tohex(bytestring,[smallcase],[separator])
11.13.1.6 Struct.fromhex(hexbytes, [separator])
11.14 GLib regular expressions
11.14.1 GRegex
11.14.1.1 Notes
11.14.1.2 GRegex.new(pattern)
11.14.1.3 GRegex.flags([table])
11.14.1.4 GRegex.compile_flags([table])
11.14.1.5 GRegex.match_flags([table])
11.14.1.6 GRegex.match(subject,pattern,[init],[cf],[ef])
11.14.1.7 GRegex.find(subject,pattern,[init],[cf],[ef])
11.14.1.8 GRegex.gmatch(subject,pattern,[init],[cf],[ef])
11.14.1.9 GRegex.gsub(subject,pattern,[repl],[max],[cf],[ef])
11.14.1.10 GRegex.split(subject,sep,[cf],[ef])
11.14.1.11 GRegex.version()
11.14.1.12 gregex:match(subject,[init],[ef])
11.14.1.13 gregex:find(subject,[init],[ef])
11.14.1.14 gregex:exec(subject,[init],[ef])
11.14.1.15 gregex:dfa_exec(subject,[init],[ef])
11.14.1.16 gregex:_tostring()
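Chapter 12. User Interface
12.1 Introduction
12.2 The Qt application framework
12.2.1 User experience considerations
12.2.2 Qt Creator
12.2.3 Source code overview
12.2.4 Coding practices and naming conventions
12.2.4.1 Names
12.2.4.2 Dialogs
12.2.4.3 Strings
12.2.4.4 Mixing C and C++
12.2.4.5 Internationalization and translation
12.2.5 Other issues and information
12.3 The GTK library
12.3.1 GTK version 2.x
12.3.2 GTK version 3.x
12.3.3 Compatibility between GTK versions
12.3.4 GTK resources on the web
12.4 Human interface reference documents
12.5 Adding/extending dialogs
12.6 Widget naming
12.7 Common GTK programming pitfalls
12.7.1 Usage of gtk_widget_show() / gtk_widget_show_all()
Chapter 13. This Document's License (GPL)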
Wireshark Developer's Guide
For Wireshark 2.1
Updated: January 24, 2017
Ulf Lamping, Luis E. Ontanon, Graham Bloice
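Wireshark Developer's Guide: For Wireshark 2.1
by Ulf Lamping, Luis E. Ontanon and Graham Bloice
Copyright © 2004-2014 Ulf Lamping, Luis E. Garcia Ontanon, Graham Bloice
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation.
All logos and trademarks in this document are property of their respective owners.

Translator's Notes
1. This translation started as a draft produced with translation software, which the translator then edited twice in full.
2. The latest version of this document is identified by the Wireshark version number and the update date on the title page.
3. If you cannot understand some part of this document, please refer to the corresponding part of the original English version.
4. Finally, readers are sincerely welcome to report any problems in this document to the translator so that they can be corrected in later versions (QQ email: 1874731688@qq.com).
Translator: 王少东
January 24, 2017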
4.6.4 C-Runtime "Redistributable" files
4.6.4.1 msvcr120.dll / vcredist_x86.exe / vcredist_x64.exe - Version 12.0 (2013)
4.6.5 Windows (Platform) SDK
4.6.6 HTML Help
4.6.6.1 HTML Help compiler (hhc.exe)
4.6.6.2 HTML Help build files (htmlhelp.c / htmlhelp.lib)
4.6.7 Debugger
4.6.7.1 Visual Studio integrated debugger
4.6.7.2 Debugging Tools for Windows
4.7 bash
4.7.1 UNIX and Cygwin: GNU bash
4.7.2 Windows native:
4.8 Python
4.9 Perl
4.9.1 UNIX and Cygwin: Perl
4.10 sed
4.10.1 UNIX and Cygwin: sed
4.10.2 Windows native: sed
4.11 Bison
4.11.1 UNIX or Cygwin: Bison
4.11.2 Windows native: Win flex-bison and bison
4.12 Flex
4.12.1 UNIX or Cygwin: flex
4.12.2 Windows native: Win flex-bison and flex
4.13 Git client
4.13.1 UNIX or Cygwin: git
4.13.2 Windows native: git
4.14 Git PowerShell extensions (optional)
4.15 Git GUI client (optional)
4.16 patch (optional)
4.16.1 UNIX and Cygwin: patch
4.16.2 Windows native: patch
4.17 Windows: NSIS (optional)
4.18 Windows: PortableApps (optional)
Chapter 5 Library Reference
5.1 Introduction
5.2 Binary library formats
5.2.1 Unix
5.2.2 Win32: MSVC
5.2.3 Win32: cygwin gcc
5.3 Win32: Automated library download
5.4 Qt
5.4.1 Unix
5.4.2 Win32 MSVC
5.5 GTK+/GLib/GDK/Pango/ATK/GNU gettext/GNU libiconv
5.5.1 Unix
5.5.2 Win32 MSVC
5.6 SMI (optional)
5.6.1 Unix
5.6.2 Win32 MSVC
5.7 c-ares (optional)
5.7.1 Unix
5.7.2 Win32 MSVC
5.8 zlib (optional)
5.8.1 Unix
5.8.2 Win32 MSVC
5.9 libpcap/WinPcap (optional)
5.9.1 Unix: libpcap
5.9.2 Win32 MSVC: WinPcap
5.10 GnuTLS (optional)
5.10.1 Unix
5.10.2 Win32 MSVC
5.11 Gcrypt (optional)
5.11.1 Unix
5.11.2 Win32 MSVC
5.12 Kerberos (optional)
5.12.1 Unix
5.12.2 Win32 MSVC
5.13 LUA (optional)
5.13.1 Unix
5.13.2 Win32 MSVC
5.14 PortAudio (optional)
5.14.1 Unix
5.14.2 Win32 MSVC
5.15 GeoIP (optional)
5.15.1 UNIX
5.15.2 Win32 MSVC
5.16 WinSparkle (optional)
5.16.1 Win32 MSVC
Part II Wireshark Development
Chapter 6 How Wireshark Works
6.1 Introduction
6.2 Overview
6.3 Capturing packets
6.4 Capture files
6.5 Dissecting packets
Chapter 7 Introduction
7.1 Source overview
7.2 Coding style
7.3 The GLib library
Chapter 8 Packet Capturing
8.1 How to add a new capture type to libpcap
Chapter 9 Packet Dissection
9.1 How it works
9.2 Adding a basic dissector
9.2.1 Setting up the dissector
9.2.2 Dissecting the details of the protocol
9.2.3 Improving the dissection information
9.3 How to handle transformed data
9.4 How to reassemble split packets
9.4.1 How to reassemble split UDP packets
9.4.2 How to reassemble split TCP packets
9.5 How to tap protocols
9.6 How to generate protocol statistics
9.7 How to use conversations
9.8 idl2wrs: Creating dissectors from CORBA IDL files
9.8.1 What is it?
9.8.2 Why do this?
9.8.3 How to use idl2wrs
9.8.4 TODO
9.8.5 Limitations
9.8.6 Notes
Chapter 10 Lua Support in Wireshark
10.1 Introduction
10.2 Example of a dissector written in Lua
10.3 Example of a listener written in Lua
Chapter 11 Wireshark's Lua API Reference Manual
11.1 Saving capture files
11.1.1 Dumper
11.1.1.1 Dumper.new(filename, [filetype], [encap])
11.1.1.2 dumper:close()
11.1.1.3 dumper:flush()
11.1.1.4 dumper:dump(timestamp, pseudoheader, bytearray)
11.1.1.5 dumper:new_for_current([filetype])
11.1.1.6 dumper:dump_current()
11.1.2 PseudoHeader
11.1.2.1 PseudoHeader.none()
11.1.2.2 PseudoHeader.eth([fcslen])
11.1.2.3 PseudoHeader.atm([aal], [vpi], [vci], [channel], [cells], [aal5u2u], [aal5len])
11.1.2.4 PseudoHeader.mtp2([sent], [annexa], [linknum])
11.2 Obtaining dissection data
11.2.1 Field
11.2.1.1 Field.new(fieldname)
11.2.1.2 Field.list()
11.2.1.3 field:_call()
11.2.1.4 field:_tostring()
11.2.1.5 field.name
11.2.1.6 field.display
11.2.1.7 field.type
11.2.2 FieldInfo
11.2.2.1 fieldinfo:_len()
11.2.2.2 fieldinfo:_unm()
11.2.2.3 fieldinfo:_call()
11.2.2.4 fieldinfo:_tostring()
11.2.2.5 fieldinfo:_eq()
11.2.2.6 fieldinfo:_le()
11.2.2.7 fieldinfo:_lt()
11.2.2.8 fieldinfo.len
11.2.2.9 fieldinfo.offset
11.2.2.10 fieldinfo.value
11.2.2.11 fieldinfo.label
11.2.2.12 fieldinfo.display
11.2.2.13 fieldinfo.type
11.2.2.14 fieldinfo.source
11.2.2.15 fieldinfo.range
11.2.2.16 fieldinfo.generated
11.2.2.17 fieldinfo.hidden
11.2.2.18 fieldinfo.is_url
11.2.2.19 fieldinfo.little_endian
11.2.2.20 fieldinfo.big_endian
11.2.2.21 fieldinfo.name
11.2.3 Global functions
11.2.3.1 all_field_infos()
11.3 GUI support
11.3.1 ProgDlg
11.3.1.1 ProgDlg.new([title], [task])
11.3.1.2 progdlg:update(progress, [task])
11.3.1.3 progdlg:stopped()
11.3.1.4 progdlg:close()
11.3.2 TextWindow
11.3.2.1 TextWindow.new([title])
11.3.2.2 textwindow:set_atclose(action)
11.3.2.3 textwindow:set(text)
11.3.2.4 textwindow:append(text)
11.3.2.5 textwindow:prepend(text)
11.3.2.6 textwindow:clear()
11.3.2.7 textwindow:get_text()
11.3.2.8 textwindow:close()
11.3.2.9 textwindow:set_editable([editable])
11.3.2.10 textwindow:add_button(label, function)
11.3.3 Global functions
11.3.3.1 gui_enabled()
11.3.3.2 register_menu(name, action, [group])
11.3.3.3 new_dialog(title, action, ...)
11.3.3.4 retap_packets()
11.3.3.5 copy_to_clipboard(text)
11.3.3.6 open_capture_file(filename, filter)
11.3.3.7 get_filter()
11.3.3.8 set_filter(text)
11.3.3.9 set_color_filter_slot(row, text)
11.3.3.10 apply_filter()