aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/gprs/gprs-split-trace-by-tlli.lua
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/gprs/gprs-split-trace-by-tlli.lua')
-rw-r--r--contrib/gprs/gprs-split-trace-by-tlli.lua46
1 files changed, 46 insertions, 0 deletions
diff --git a/contrib/gprs/gprs-split-trace-by-tlli.lua b/contrib/gprs/gprs-split-trace-by-tlli.lua
new file mode 100644
index 00000000..018c377c
--- /dev/null
+++ b/contrib/gprs/gprs-split-trace-by-tlli.lua
@@ -0,0 +1,46 @@
+-- Create a file named by_ip/''ip_addess''.cap with all ip traffic of each ip host. (works for tshark only)
+-- Dump files are created for both source and destination hosts
+do
+ local dir = "by_tlli"
+ local dumpers = {}
+ local function init_listener()
+ local udp_port_table = DissectorTable.get("udp.port")
+ local gprs_ns_dis = Dissector.get("gprs_ns")
+ udp_port_table:add(23000,gprs_ns_dis)
+
+ local field_tlli = Field.new("bssgp.tlli")
+ local tap = Listener.new("ip", "udp.port == 23000")
+
+ -- we will be called once for every IP Header.
+ -- If there's more than one IP header in a given packet we'll dump the packet once per every header
+ function tap.packet(pinfo,tvb,ip)
+ local tlli = field_tlli()
+ if not tlli then
+ return
+ end
+
+ local tlli_str = tostring(tlli)
+ tlli_dmp = dumpers[tlli_str]
+ if not tlli_dmp then
+ local tlli_hex = string.format("0x%x", tonumber(tlli_str))
+ print("Creating dump for TLLI " .. tlli_hex)
+ tlli_dmp = Dumper.new_for_current(dir .. "/" .. tlli_hex .. ".pcap")
+ dumpers[tlli_str] = tlli_dmp
+ end
+ tlli_dmp:dump_current()
+ tlli_dmp:flush()
+ end
+ function tap.draw()
+ for tlli,dumper in pairs(dumpers) do
+ dumper:flush()
+ end
+ end
+ function tap.reset()
+ for tlli,dumper in pairs(dumpers) do
+ dumper:close()
+ end
+ dumpers = {}
+ end
+ end
+ init_listener()
+end