This section explains the functions and classes contained in the Dumper module that are used to save Wireshark captured files to local disks.

Dumper represents the Wireshark built-in file formatting writer (see the wtap_name_to_file_type_subtype function);

(the wtap_filetypes table in init.lua is deprecated and should only be used if code must be run on 3 books of Wireshark 3.4.3 or earlier;)

If you want to create your own file formatting writer for Lua scripts, refer to “Custom File Format Reading/Writing”.

11.1.1. Dumper

11.1.1.1. Dumper. New (filename, [filetype], [encap])

Create a file to write packets to, but dumper:new_for_current() might be a better choice;

  • parameter

    • filename

      The name of the capture file to create;

    • Filetype (optional)

      The type of file to create — is a number returned by wtap_name_to_file_type;

      (the wtap_filetypes table in init.lua is deprecated and should only be used if code must be run on 3 books of Wireshark 3.4.3 or earlier;)

    • Encap (optional)

      The wrapper you want to use in the capture file you want to create — is a number returned by the wtap_encaps table in init.lua;

  • The return value

    • A new Dumper object;

11.1.1.2. Dumper: close ()

Close an instance of Dumper;

  • Possible errors

    • Cannot operate on a closed dumper

11.1.1.3. Dumper: flush ()

Save all unsaved data in dumper instance to disk;

11.1.1.4. Dumper: dump (timestamp, preudoheader, bytearray containing)

Save a packet of any type, but Dumper:dump_current() is more useful;

  • parameter

    • timestamp

      A timestamp that identifies the absolute time of the packet;

    • presudoheader

      The PresudoHeader you want to use;

    • bytearray

      Data to be saved;

11.1.1.5. Dumper: new_for_current ([filetype])

Create a capture file using the same encapsulation as the current packet.

  • parameter

    • The filetype (optional)

      The file format to be saved is PCAP by default.

  • The return value

    • A new Dumper object;

  • Possible errors

    • Cannot be used outside a tap or a dissector

11.1.1.6. Dumper: dump_current ()

Save the packets in the current Dumper instance intact;

  • Possible errors

    • Cannot be used outside a tap or a dissector

11.1.2. PreudoHeader

A pseudo-header file used to hold captured frames;

11.1.2.1 PseudoHeader, none ()

Creates an “empty” pseudoheader file (Creates a “no” pseudoheader.)

  • The return value

    • An empty pseudo-header file;

11.1.2.2. PseudoHeader. Eth ([fcslen])

Create an Ethernet pseudo-header file.

  • parameter

    • Fcslen (optional)

      The length of the FCS (Ethernet parity code in protocol data, indicating whether the Ethernet port is healthy);

  • The return value

    • An Ethernet pseudo-header file;

11.1.2.3. PseudoHeader. ATM ([list], [vpi], [vci], [channel], [cells], [aal5u2u], [aal5len])

Creates an ATM pseudoheader file (Creates an ATM pseudoheader.)

  • parameter

    • Aal (optional)

      The list number.

    • Vpi (optional)

      VPI;

    • Vci (optional)

      VCP;

    • Channel (optional)

      Channel;

    • Cells (optional)

      Number of cells in the PDU;

    • Aal5u2u (Optional)

      AAL5 User to User indicator;

    • Aal5len (optional)

      AAL5 Len;

  • The return value

    • An ATM pseudo-header file;

11.1.2.4. PseudoHeader. Mtp2 ([sent], [annexa], [linknum])

Creates an MTP2 PseudoHeader file (Creates an MTP2 PseudoHeader.)

  • parameter

    • Sent (Optional)

      True if the packet was sent, False if it was received;

    • Annexa (optional)

      True if attachment A is used;

    • Linknum (optional)

      The Link Number.

  • The return value

    • An MTP2 pseudo-header file;