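-- Split GPRS-NS/BSSGP traffic into one capture file per TLLI:
-- by_tlli/<TLLI in hex>.pcap (works for tshark only).
-- Every tapped packet that carries a bssgp.tlli field is appended to the
-- dump file that belongs to that TLLI.
do
    local dir = "by_tlli"
    -- Open Dumper objects, keyed by the string form of the TLLI field.
    local dumpers = {}

    local function init_listener()
        -- Decode UDP port 23000 as GPRS-NS so that bssgp.tlli can be extracted.
        local udp_port_table = DissectorTable.get("udp.port")
        local gprs_ns_dis = Dissector.get("gprs_ns")
        udp_port_table:add(23000, gprs_ns_dis)

        local field_tlli = Field.new("bssgp.tlli")
        local tap = Listener.new("ip", "udp.port == 23000")

        -- we will be called once for every IP Header.
        -- If there's more than one IP header in a given packet we'll dump the packet once per every header
        function tap.packet(pinfo, tvb, ip)
            -- Only the first value returned by the field extractor is used.
            local tlli = field_tlli()
            if not tlli then
                return
            end

            local tlli_str = tostring(tlli)
            -- Declared local: the original assigned an accidental global here.
            local tlli_dmp = dumpers[tlli_str]
            if not tlli_dmp then
                -- The TLLI comes from packet data. The path is built only from
                -- its numeric value rendered with %x, so nothing but hex digits
                -- from the capture ends up in the file name.
                local tlli_num = tonumber(tlli_str)
                if not tlli_num then
                    -- string.format("0x%x", nil) would raise inside the tap.
                    print("Skipping packet: TLLI is not numeric")
                    return
                end
                local tlli_hex = string.format("0x%x", tlli_num)
                print("Creating dump for TLLI " .. tlli_hex)
                -- NOTE(review): nothing here creates the by_tlli directory;
                -- presumably it has to exist before the script runs - confirm.
                -- NOTE(review): one Dumper stays open per distinct TLLI until
                -- tap.reset(); a capture with very many TLLIs keeps that many
                -- files open. Consider a cap when processing untrusted captures.
                tlli_dmp = Dumper.new_for_current(dir .. "/" .. tlli_hex .. ".pcap")
                dumpers[tlli_str] = tlli_dmp
            end
            tlli_dmp:dump_current()
            tlli_dmp:flush()
        end

        -- Flush every open dump file.
        function tap.draw()
            for _, dumper in pairs(dumpers) do
                dumper:flush()
            end
        end

        -- Close every open dump file and forget all TLLIs seen so far.
        function tap.reset()
            for _, dumper in pairs(dumpers) do
                dumper:close()
            end
            dumpers = {}
        end
    end

    init_listener()
end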