https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16795
--- Comment #5 from Christopher Maynard <christopher.mayn...@igt.com> ---
Created attachment 17958
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17958&action=edit
Wireshark Lua Tap that displays subnet statistics in a UI menu
I don't know if this Lua tap helps or not, but it displays statistics similar
to the Endpoints dialog, except by subnet. Notably, it does *not* suffer from
the bug identified in Bug 16796. In any case, there are some known
deficiencies enumerated below, and there certainly could be other bugs lurking
in the tap too. I'm also sure other improvements could be made - this is after
all the first "release", and I started from another tap I had written
previously, so some additional cleanup could probably be made to it as well.
Anyway, it's just a text file, so you're free to take a look at it to find out
how it works if you're curious and even tweak it as you see fit, if you so
choose.
To use it, save it in the Personal Lua Plugins directory, which you can find
from Wireshark's "Help -> About Wireshark -> Folders -> Personal Lua Plugins".
On my system, this is %APPDATA%\Wireshark\plugins.
You must restart Wireshark for the Lua script to be loaded. After loading a
capture file, you can generate the Subnet Statistics by choosing, "Tools ->
Subnets Statistics". You may have to manually resize the dialog so the text
doesn't wrap; I don't know how to get Wireshark to auto-size it properly to
avoid this.
Other notes about the tap:
Currently, that tap doesn't even attempt to deal with tunneled addresses, only
the outermost IP header. I've intentionally avoided this for now. It *should*
be feasible to enhance the tap to add support for this though, but I just
haven't given it enough thought yet. If there's any interest in this, let me
know and I'll see what I can come up with ...
I've included a "Copy" button so you can copy the text to the clipboard and
paste it elsewhere. Unfortunately, while the text seems well-aligned in the
dialog itself, copying/pasting it elsewhere loses the alignment, even when
switching to a fixed-width font. I don't know how to fix this either.
Currently, the statistics is generated against all IP packets where an
"ip.addr" field is present. I have been unable to figure out how to limit the
statistics to the current display filter only, even though there's a global
get_filter() function available which seemed promising but ultimately failed to
produce the desired results. Either there's a bug here somewhere in Wireshark
Lua code or I'm failing to understand how to use this function properly.
The subnets are *supposed* to be sorted, but that's not working correctly yet.
Unlike the Endpoints dialog, all packet and byte counts are displayed in actual
values. For example, instead of seeing a large number like 28K, you'll see the
actual value, i.e., 27987.
Finally, the tap is written in Lua, so don't expect it to be fast, especially
when run on a large capture file.
--
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
