diff options
Diffstat (limited to 'wireshark/tshark/lib/tshark.lua')
| -rw-r--r-- | wireshark/tshark/lib/tshark.lua | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/wireshark/tshark/lib/tshark.lua b/wireshark/tshark/lib/tshark.lua new file mode 100644 index 000000000..eb8d9bbba --- /dev/null +++ b/wireshark/tshark/lib/tshark.lua @@ -0,0 +1,117 @@ +#!/usr/bin/env lua + +-- +-- (C) 2021 - ntop.org +-- + +local json = require "dkjson" + +tshark = {} +tshark.__index = tshark + +-- ############################################################### + +-- Print contents of `tbl`, with indentation. +-- You can call it as tprint(mytable) +-- The other two parameters should not be set +function tprint(s, l, i) + l = (l) or 1000; i = i or "";-- default item limit, indent string + if (l<1) then io.write("ERROR: Item limit reached.\n"); return l-1 end; + local ts = type(s); + if (ts ~= "table") then io.write(i..' '..ts..' '..tostring(s)..'\n'); return l-1 end + io.write(i..' '..ts..'\n'); + for k,v in pairs(s) do + local indent = "" + + if(i ~= "") then + indent = i .. "." + end + indent = indent .. tostring(k) + + l = tprint(v, l, indent); + if (l < 0) then break end + end + + return l +end + +-- ############################################################### + +local function file_exists(name) + local f = io.open(name, "r") + + if(f ~= nil) then + io.close(f) + return true + else + return false + end +end + +-- ############################################################### + +-- +-- Creates a tshark class instance +-- + +function tshark:open(pcap_file_or_dev, filter) + local ret = {} + + setmetatable(ret, tshark) -- Open the class + + cmd = "tshark -n -T ek -l " + + if(file_exists(pcap_file_or_dev)) then + cmd = cmd .. "-r "..pcap_file_or_dev + + if(filter ~= nil) then + cmd = cmd .. " -2 -R \"" .. filter .."\"" + end + + else + cmd = cmd .. "-i "..pcap_file_or_dev + + if(filter ~= nil) then + cmd = cmd .. " -f \"" .. filter .."\"" + end + end + + ret.pipe = io.popen(cmd) + + return ret +end + +-- ############################################################### + +-- +-- Terminates the tshark class +-- + +function tshark:close() + if(self.pipe ~= nil) then + self.pipe:close() + end +end + +-- ############################################################### + +-- +-- Read a single packet +-- + +function tshark:read() + local l = self.pipe:read() + local j + + if(l == nil) then return(nil) end + + j = json.decode(l) + + if(j.layers ~= nil) then + return(j.layers) + else + return(self:read()) + end +end + +return tshark |