diff options
Diffstat (limited to 'contrib/gprs/gprs-split-trace-by-tlli.lua')
-rw-r--r-- | contrib/gprs/gprs-split-trace-by-tlli.lua | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/contrib/gprs/gprs-split-trace-by-tlli.lua b/contrib/gprs/gprs-split-trace-by-tlli.lua new file mode 100644 index 000000000..018c377c5 --- /dev/null +++ b/contrib/gprs/gprs-split-trace-by-tlli.lua @@ -0,0 +1,46 @@ +-- Create a file named by_ip/''ip_addess''.cap with all ip traffic of each ip host. (works for tshark only) +-- Dump files are created for both source and destination hosts +do + local dir = "by_tlli" + local dumpers = {} + local function init_listener() + local udp_port_table = DissectorTable.get("udp.port") + local gprs_ns_dis = Dissector.get("gprs_ns") + udp_port_table:add(23000,gprs_ns_dis) + + local field_tlli = Field.new("bssgp.tlli") + local tap = Listener.new("ip", "udp.port == 23000") + + -- we will be called once for every IP Header. + -- If there's more than one IP header in a given packet we'll dump the packet once per every header + function tap.packet(pinfo,tvb,ip) + local tlli = field_tlli() + if not tlli then + return + end + + local tlli_str = tostring(tlli) + tlli_dmp = dumpers[tlli_str] + if not tlli_dmp then + local tlli_hex = string.format("0x%x", tonumber(tlli_str)) + print("Creating dump for TLLI " .. tlli_hex) + tlli_dmp = Dumper.new_for_current(dir .. "/" .. tlli_hex .. ".pcap") + dumpers[tlli_str] = tlli_dmp + end + tlli_dmp:dump_current() + tlli_dmp:flush() + end + function tap.draw() + for tlli,dumper in pairs(dumpers) do + dumper:flush() + end + end + function tap.reset() + for tlli,dumper in pairs(dumpers) do + dumper:close() + end + dumpers = {} + end + end + init_listener() +end |