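-- Split a capture into one file per TLLI: every packet that carries a
-- bssgp.tlli field is written to by_tlli/<tlli-in-hex>.pcap. (works for tshark only)
-- Only traffic matching "udp.port == 23000" is tapped; that port is registered
-- for the gprs_ns dissector below so the BSSGP fields get decoded.
-- NOTE(review): nothing here creates the by_tlli directory; presumably it has
-- to exist before the script runs -- confirm.
do
    local dir = "by_tlli"

    -- One open Dumper per distinct TLLI, keyed by the field's string form.
    -- Entries are only closed in tap.reset(), so a capture with very many
    -- distinct TLLIs keeps that many output files open at once.
    local dumpers = {}

    local function init_listener()
        -- Decode UDP port 23000 as GPRS-NS.
        local udp_port_table = DissectorTable.get("udp.port")
        local gprs_ns_dis = Dissector.get("gprs_ns")
        udp_port_table:add(23000, gprs_ns_dis)

        local field_tlli = Field.new("bssgp.tlli")
        local tap = Listener.new("ip", "udp.port == 23000")

        -- we will be called once for every IP Header.
        -- If there's more than one IP header in a given packet we'll dump the packet once per every header
        function tap.packet(pinfo, tvb, ip)
            local tlli = field_tlli()
            if not tlli then
                -- No TLLI in this packet: nothing to sort it by.
                return
            end

            local tlli_str = tostring(tlli)
            -- Was an implicit global in the original; keep it local so the
            -- handle does not leak into (or get clobbered by) other scripts.
            local tlli_dmp = dumpers[tlli_str]
            if not tlli_dmp then
                -- The file name is derived from captured packet data. Going
                -- through tonumber() and "%x" limits it to hex digits, so the
                -- value can never contribute path separators or "..".
                local tlli_num = tonumber(tlli_str)
                if not tlli_num then
                    -- Never build a path from text that did not parse as a number.
                    print("Skipping packet, TLLI is not numeric: " .. tlli_str)
                    return
                end
                local tlli_hex = string.format("0x%x", tlli_num)
                print("Creating dump for TLLI " .. tlli_hex)
                tlli_dmp = Dumper.new_for_current(dir .. "/" .. tlli_hex .. ".pcap")
                dumpers[tlli_str] = tlli_dmp
            end

            tlli_dmp:dump_current()
            tlli_dmp:flush()
        end

        -- Flush every open dump file.
        function tap.draw()
            for _, dumper in pairs(dumpers) do
                dumper:flush()
            end
        end

        -- Close every open dump file and forget the handles.
        function tap.reset()
            for _, dumper in pairs(dumpers) do
                dumper:close()
            end
            dumpers = {}
        end
    end

    init_listener()
end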