In this tutorial, I will describe how to install two Wireshark plugins, written in the Lua scripting language, for analysing network traffic. With these plugins, the IP addresses of potential attackers, zombie hosts, and victims can be identified with ease. The following paragraphs describe how to download and set up these scripts on Windows and Unix-based operating systems.
Begin by cloning the plugin repository using Git:
git clone https://github.com/yoshlsec/Plugins-Wireshark/
Depending on your operating system, transfer the .lua files to the appropriate Wireshark plugins directory.
On Windows, use one of the following commands, replacing <version> with your Wireshark version folder.
- Command Prompt (CMD):
move .\Plugins-Wireshark\src\*.lua "C:\Program Files\Wireshark\plugins\<version>\"
- PowerShell:
Move-Item -Path .\Plugins-Wireshark\src\*.lua -Destination "C:\Program Files\Wireshark\plugins\<version>\"
On Unix-based systems, you can use the whereis wireshark command to find where Wireshark is installed.
mv ./Plugins-Wireshark/src/*.lua /usr/lib/wireshark/plugins/<version>
After moving the Lua files, restart Wireshark. Navigate to the Tools menu, where you should now see the new plugin options: Sender and Receiver.
If you prefer to organize the plugins under a subfolder in the Tools menu, modify the following line in the Lua code.
Default code:
register_menu("IP Sender Sorter", main, MENU_TOOLS_UNSORTED)
Subfolder code: (Add folders separated by a slash)
register_menu("Subfolder/IP Sender Sorter", main, MENU_TOOLS_UNSORTED)
This will group the plugin under Tools > Subfolder > IP Sender Sorter, creating a cleaner and more structured interface.
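How the register_menu call fits into a Tools-menu plugin, as an added example that is not code from the Plugins-Wireshark repository: the function name show_top_senders, the menu label and the counting logic are assumptions made for illustration.

```lua
-- Added example, not code from the Plugins-Wireshark repository.
-- Hypothetical tool that counts packets per source IP and lists the
-- busiest senders first, registered under Tools > Subfolder.

local function show_top_senders()
    local counts = {}                          -- source address -> packet count
    local win = TextWindow.new("Top IP senders (example)")
    local tap = Listener.new("frame", "ip")    -- every frame matching display filter "ip"

    -- Called once per packet that matches the filter.
    function tap.packet(pinfo, tvb)
        local src = tostring(pinfo.src)
        counts[src] = (counts[src] or 0) + 1
    end

    -- Called when Wireshark asks the tap to redraw its output.
    function tap.draw()
        local rows = {}
        for addr, n in pairs(counts) do
            rows[#rows + 1] = { addr = addr, n = n }
        end
        table.sort(rows, function(a, b) return a.n > b.n end)
        local lines = {}
        for i, row in ipairs(rows) do
            lines[i] = string.format("%-40s %d", row.addr, row.n)
        end
        win:set(table.concat(lines, "\n"))
    end

    -- Called when the capture is reloaded or restarted.
    function tap.reset()
        counts = {}
    end

    -- Detach the tap when the window closes so it stops receiving packets.
    win:set_atclose(function() tap:remove() end)

    retap_packets()   -- run the packets already loaded through the tap
end

-- The menu only exists in the GUI; skip registration under tshark.
if gui_enabled() then
    -- The part before the slash becomes the submenu under Tools.
    register_menu("Subfolder/Top IP Senders (example)", show_top_senders, MENU_TOOLS_UNSORTED)
end
```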
Thanks to a good contributor, friend and supporter of this small project, 2b2.
Enjoy the plugins; there will be more in the future :) A star is appreciated.