Updated Wireshark lua dissector

Added -v to ndpiReader to print port stats Recomputed protocol test results
author: Luca Deri <deri@ntop.org> 2017-04-24 00:45:43 +0200
committer: Luca Deri <deri@ntop.org> 2017-04-24 00:45:43 +0200
commit: 43f18ddb0f5b849deb454fa68e447a22912b9ba9 (patch)
tree: 5c0adebb73aa8c089fa0c8ac39c01ba433206814 /wireshark
parent: b9a2511ea80341a5b7186dc49835e4173c4437e5 (diff)
1 files changed, 133 insertions, 2 deletions
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index 2065d2335..177e0f121 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -15,8 +15,36 @@ fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STR
 
 local f_eth_trailer = Field.new("eth.trailer")
 
+local ndpi_protos       = {}
+local ndpi_senders      = {}
+local ndpi_receivers    = {}
+
 -- ###############################################
 
+function ndpi_proto.init()
+   ndpi_protos       = {}
+   ndpi_senders      = {}
+   ndpi_receivers    = {}
+end
+
+function slen(str)
+   local i = 1
+   local len = 0
+   local zero = string.char(0)
+   
+   for i = 1, 16 do
+      local c = str:sub(i,i)
+
+      if(c ~= zero) then
+	 len = len + 1
+      else
+	 break
+      end	 
+   end
+
+   return(str:sub(1, len))
+end
+
 -- the dissector function callback
 function ndpi_proto.dissector(tvb, pinfo, tree)
    local pktlen = tvb:len()
@@ -28,8 +56,9 @@ function ndpi_proto.dissector(tvb, pinfo, tree)
       local network_protocol     = tvb(pktlen-24,2)
       local application_protocol = tvb(pktlen-22,2)
       local name = tvb(pktlen-20,16)
-      local name_str = name:string(ENC_UTF_8)
-      
+      local name_str = name:string(ENC_ASCII)
+      local key
+
       ndpi_subtree:add(fds.network_protocol, network_protocol)
       ndpi_subtree:add(fds.application_protocol, application_protocol)
       ndpi_subtree:add(fds.name, name)
@@ -39,9 +68,111 @@ function ndpi_proto.dissector(tvb, pinfo, tree)
 	 -- Set protocol name in the wireshark protocol column (if not Unknown)
 	 pinfo.cols.protocol = name_str
       end
+
+      key = tostring(slen(name_str))
+      if(ndpi_protos[key] == nil) then ndpi_protos[key] = 0 end
+      ndpi_protos[key] = ndpi_protos[key] + pinfo.len
+	 
+      key = tostring(pinfo.src)
+      if(ndpi_senders[key] == nil) then ndpi_senders[key] = 0 end
+      ndpi_senders[key] = ndpi_senders[key] + pinfo.len
+
+      key = tostring(pinfo.dst)
+      if(ndpi_receivers[key] == nil) then ndpi_receivers[key] = 0 end
+      ndpi_receivers[key] = ndpi_receivers[key] + pinfo.len
    end
 end
 
 register_postdissector(ndpi_proto)
 
 -- ###############################################
+
+function round(num, idp)         return tonumber(string.format("%." .. (idp or 0) .. "f", num)) end
+
+-- Convert bytes to human readable format
+function bytesToSize(bytes)
+   if(bytes == nil) then
+      return("0")
+   else
+      precision = 2
+      kilobyte = 1024;
+      megabyte = kilobyte * 1024;
+      gigabyte = megabyte * 1024;
+      terabyte = gigabyte * 1024;
+
+      bytes = tonumber(bytes)
+      if((bytes >= 0) and (bytes < kilobyte)) then
+	 return round(bytes, precision) .. " Bytes";
+	 elseif((bytes >= kilobyte) and (bytes < megabyte)) then
+	 return round(bytes / kilobyte, precision) .. ' KB';
+	 elseif((bytes >= megabyte) and (bytes < gigabyte)) then
+	 return round(bytes / megabyte, precision) .. ' MB';
+	 elseif((bytes >= gigabyte) and (bytes < terabyte)) then
+	 return round(bytes / gigabyte, precision) .. ' GB';
+	 elseif(bytes >= terabyte) then
+	 return round(bytes / terabyte, precision) .. ' TB';
+      else
+	 return round(bytes, precision) .. ' Bytes';
+      end
+   end
+end
+
+function pairsByValues(t, f)
+   local a = {}
+   for n in pairs(t) do table.insert(a, n) end
+   table.sort(a, function(x, y) return f(t[x], t[y]) end)
+   local i = 0      -- iterator variable
+   local iter = function ()   -- iterator function
+      i = i + 1
+      if a[i] == nil then return nil
+      else return a[i], t[a[i]]
+      end
+   end
+   return iter
+end
+
+function asc(a,b) return (a < b) end
+function rev(a,b) return (a > b) end
+
+local function ndpi_dialog_menu()
+   local win = TextWindow.new("nDPI Protocol Statistics");
+   local label = ""
+   local i
+   local max_i = 10
+
+   if(ndpi_protos ~= {}) then
+      label =          "nDPI Protocol Breakdown\n"
+      label = label .. "-----------------------\n"
+
+      i = 0
+      for k,v in pairsByValues(ndpi_protos, rev) do
+	 -- label = label .. k .. "\t".. bytesToSize(v) .. "\n"
+	 label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v))
+	 if(i == max_i) then break else i = i + 1 end
+      end
+
+      -- #######
+
+      label = label .. "\nTop Senders\n"
+      label = label .. "-----------\n"
+      i = 0
+      for k,v in pairsByValues(ndpi_senders, rev) do
+	 label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v))
+	 if(i == max_i) then break else i = i + 1 end
+      end
+
+      -- #######
+
+      label = label .. "\nTop Receivers\n"
+      label = label .. "-------------\n"
+      i = 0
+      for k,v in pairsByValues(ndpi_receivers, rev) do
+	 label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v))
+	 if(i == max_i) then break else i = i + 1 end
+      end
+
+      win:set(label)
+   end
+end
+
+register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED)
author	Luca Deri <deri@ntop.org>	2017-04-24 00:45:43 +0200
committer	Luca Deri <deri@ntop.org>	2017-04-24 00:45:43 +0200
commit	43f18ddb0f5b849deb454fa68e447a22912b9ba9 (patch)
tree	5c0adebb73aa8c089fa0c8ac39c01ba433206814 /wireshark
parent	b9a2511ea80341a5b7186dc49835e4173c4437e5 (diff)