Sending UDP Packets from Wireshark / tshark

0
votes

I am working with a "real time" data analysis toolchain which is separated into two parts. The first part fetches the data to be analyzed, packs it into a UDP packet and sends it to another host. The second part, running on the aforementioned host, receives the UDP packets and performs analysis on the received packets. By "real time" I mean that the output of the analysis toolchain should appear live to a human user, thus latencies of up to 100 ms are acceptable.

I am looking into making a new data source available to the receiving part. The data that I am looking for are being transferred on an Ethercat bus, which I can sniff. Wireshark/tshark have a dissector for Ethercat packets. With that said, it's really simple to get at the data in a script running within Wireshark/tshark. Since I have little control over the second part of the analysis, I cannot readily modify the second part to sniff Ethercat frames via pcap or somesuch.

Is it possible to send UDP packets from a script running in Wireshark/tshark?

1
luaudpwiresharktshark

1 Answers

0
votes

Wireshark's Lua doesn't have a way to do that available out-of-the-box, but it's stock Lua so you can write a wireshark Lua script which itself can import (i.e., use require) any other Lua script or compiled Lua dll/so library. So, for example, you could use the LuaSocket library to send packets from within your wireshark Lua script.

Note that there is no event loop available to Wireshark Lua scripts, so receiving packets via LuaSocket isn't going to work, afaik. But since you're talking about sending over UDP, and sending only when the Wireshark Lua script will get invoked (i.e., because you'd do the send() call inside a tap or dissector), I think it should work. If it does/doesn't please post back, because this question comes up now and then and it would be good to know.