| -- Create a file named by_ip/''ip_addess''.cap with all ip traffic of each ip host. (works for tshark only) |
| -- Dump files are created for both source and destination hosts |
| do |
| local dir = "by_tlli" |
| local dumpers = {} |
| local function init_listener() |
| local udp_port_table = DissectorTable.get("udp.port") |
| local gprs_ns_dis = Dissector.get("gprs_ns") |
| udp_port_table:add(23000,gprs_ns_dis) |
| |
| local field_tlli = Field.new("bssgp.tlli") |
| local tap = Listener.new("ip", "udp.port == 23000") |
| |
| -- we will be called once for every IP Header. |
| -- If there's more than one IP header in a given packet we'll dump the packet once per every header |
| function tap.packet(pinfo,tvb,ip) |
| local ttli = field_tlli() |
| if not ttli then |
| return |
| end |
| |
| local ttli_str = tostring(ttli) |
| ttli_dmp = dumpers[ttli_str] |
| if not ttli_dmp then |
| local ttli_hex = string.format("0x%x", tonumber(ttli_str)) |
| print("Creating dump for TLLI " .. ttli_hex) |
| ttli_dmp = Dumper.new_for_current(dir .. "/" .. ttli_hex .. ".pcap") |
| dumpers[ttli_str] = ttli_dmp |
| end |
| ttli_dmp:dump_current() |
| ttli_dmp:flush() |
| end |
| function tap.draw() |
| for ttli,dumper in pairs(dumpers) do |
| dumper:flush() |
| end |
| end |
| function tap.reset() |
| for ttli,dumper in pairs(dumpers) do |
| dumper:close() |
| end |
| dumpers = {} |
| end |
| end |
| init_listener() |
| end |