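-- Dump the three frames of each TCP three-way handshake (SYN, SYN/ACK and the
-- first pure ACK) to a capture file named ackpackets.cap.
-- Works with tshark only: the Dumper is created from the running capture.
-- Every frame that matches `filter` is written; nothing is dropped afterwards,
-- so the output file is a subset of the live capture.

-- True until the first matching frame has opened the output file.
local firsttime = true
-- The Dumper writing ackpackets.cap; nil until the first match opens it.
local dumpfile = nil

-- Listener filters use display-filter syntax, not BPF capture-filter syntax.
-- NOTE: tcp.seq is compared against 0 and 1, which only holds when tshark is
-- run with -o tcp.relative_sequence_numbers:TRUE; with absolute sequence
-- numbers nothing matches.
-- The flag comparisons are exact: a SYN carrying ECN bits or an ACK with PSH
-- set will not match, and any later pure ACK whose relative seq is still 1
-- (a peer that has not sent data yet) matches as well, so the file can hold
-- more than three frames per connection.
local filter = "(tcp.flags == 0x02 && tcp.seq == 0) || (tcp.flags == 0x12 && tcp.seq == 0) || (tcp.flags == 0x10 && tcp.seq == 1)"
-- tcp.flags values used above:
--   0x02 = SYN       first frame,  seq = 0
--   0x12 = SYN+ACK   second frame, seq = 0
--   0x10 = ACK       third frame,  seq = 1

-- Run tshark as shown on the following line (the interface number is an example):
-- tshark -X lua_script:dumptofile_ack_packet.lua -i 4 -o tcp.relative_sequence_numbers:TRUE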
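do
  -- Registers the tap. The Listener calls tap.packet once for every frame
  -- matching `filter`; it can read the packet but cannot alter the tree.
  local function init_listener()
    -- "frame" tap: fires once per frame (not once per IP header), so each
    -- matching frame is written exactly once.
    local tap = Listener.new("frame", filter)

    -- The file is created relative to the working directory of the tshark
    -- process. Capturing usually requires elevated privileges, so when running
    -- as root prefer an absolute path inside a directory owned by the capture
    -- user rather than whatever directory tshark happened to be started from.
    local filename = "ackpackets.cap"

    -- Called for every frame that matches the Listener filter.
    -- pinfo: packet information (pinfo.number is the frame number).
    -- tvb: the frame buffer.
    -- ip: the tapped data of the "frame" tap; the name is a leftover from an
    --     IP-header example and is not used here.
    function tap.packet(pinfo, tvb, ip)
      -- Open the dump file lazily on the first match so the Dumper takes the
      -- file type and encapsulation of the running capture.
      if firsttime == true then
        dumpfile = Dumper.new_for_current(filename)
        firsttime = false
      end
      -- Write the current frame as-is.
      dumpfile:dump_current()
    end

    -- In tshark draw() runs once, at the very end of the capture. Push any
    -- buffered frames to disk here; the guard keeps this a no-op when no frame
    -- ever matched (no Dumper was created).
    function tap.draw()
      if not firsttime then
        dumpfile:flush()
      end
    end

    -- Called at the end of the capture run. Closing here (instead of at script
    -- load, where no Dumper exists yet) releases the file, and re-arming
    -- `firsttime` lets a following run open a fresh dumper.
    function tap.reset()
      if not firsttime then
        dumpfile:flush()
        dumpfile:close()
      end
      dumpfile = nil
      firsttime = true
    end
  end

  init_listener()
end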