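-- Create a file named by_tlli/<tlli_hex>.pcap for each TLLI seen, holding
-- every packet that carries that bssgp.tlli value. (works for tshark only)
-- Only packets matching "udp.port == 23000", decoded as gprs_ns, are looked at.
do
    local dir = "by_tlli"
    -- Open dumpers, keyed by the string form of the TLLI.
    -- NOTE(review): one dumper stays open per distinct TLLI until tap.reset();
    -- a capture with very many TLLIs may run into the open-file limit.
    local dumpers = {}

    local function init_listener()
        -- Decode UDP port 23000 as GPRS-NS so that bssgp.tlli gets populated.
        local udp_port_table = DissectorTable.get("udp.port")
        local gprs_ns_dis = Dissector.get("gprs_ns")
        udp_port_table:add(23000, gprs_ns_dis)

        local field_tlli = Field.new("bssgp.tlli")
        local tap = Listener.new("ip", "udp.port == 23000")

        -- we will be called once for every IP Header.
        -- If there's more than one IP header in a given packet we'll dump
        -- the packet once per every header
        function tap.packet(pinfo, tvb, ip)
            local tlli = field_tlli()
            if not tlli then
                return
            end

            local tlli_str = tostring(tlli)
            -- Kept local: the original assigned this as an accidental global.
            local tlli_dmp = dumpers[tlli_str]
            if not tlli_dmp then
                -- The file name is derived from packet contents. Passing the
                -- value through tonumber() and "%x" limits it to hex digits,
                -- so it cannot carry path separators or "..".
                local tlli_num = tonumber(tlli_str)
                if not tlli_num then
                    -- Not numeric: skip rather than raise inside the tap.
                    return
                end
                local tlli_hex = string.format("0x%x", tlli_num)
                print("Creating dump for TLLI " .. tlli_hex)
                -- NOTE(review): presumably the by_tlli directory has to exist
                -- already; nothing here creates it. Confirm before running.
                tlli_dmp = Dumper.new_for_current(dir .. "/" .. tlli_hex .. ".pcap")
                dumpers[tlli_str] = tlli_dmp
            end

            tlli_dmp:dump_current()
            -- Flushed after every packet so each file is current on disk.
            tlli_dmp:flush()
        end

        -- Flush every open dumper.
        function tap.draw()
            for _, dumper in pairs(dumpers) do
                dumper:flush()
            end
        end

        -- Close every open dumper and start over with an empty table.
        function tap.reset()
            for _, dumper in pairs(dumpers) do
                dumper:close()
            end
            dumpers = {}
        end
    end

    init_listener()
end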