#!/usr/bin/env lua
--
-- (C) 2021 - ntop.org
--
local json = require "dkjson"
-- Class table for the tshark wrapper. It is assigned without `local`, so
-- loading this file also defines `tshark` in the global environment.
tshark = {}
-- Instances created with setmetatable(obj, tshark) resolve their methods here.
tshark["__index"] = tshark
-- ###############################################################
-- Print contents of `tbl`, with indentation.
-- You can call it as tprint(mytable)
-- The other two parameters should not be set
function tprint(s, l, i)
  -- s: value to dump (any type).
  -- l: remaining item budget; defaults to 1000 on the outermost call.
  -- i: dotted key path of `s`, used as the line prefix; defaults to "".
  -- Returns the remaining budget, which is negative once it has been exhausted.
  local remaining = l or 1000
  local prefix = i or ""

  -- Budget used up: report it and hand back a negative value so that every
  -- enclosing loop stops as well.
  if remaining < 1 then
    io.write("ERROR: Item limit reached.\n")
    return remaining - 1
  end

  local kind = type(s)
  if kind ~= "table" then
    -- Leaf value: one output line, one unit of budget.
    io.write(prefix .. ' ' .. kind .. ' ' .. tostring(s) .. '\n')
    return remaining - 1
  end

  -- Table header line; it does not consume budget, only the children do.
  io.write(prefix .. ' ' .. kind .. '\n')

  -- Children are labelled "<path>.<key>", or just "<key>" at the top level.
  local base = (prefix == "") and "" or (prefix .. ".")
  for key, value in pairs(s) do
    remaining = tprint(value, remaining, base .. tostring(key))
    if remaining < 0 then
      break
    end
  end
  return remaining
end
-- ###############################################################
-- Reports whether `name` can be opened for reading.
-- Returns true when io.open() succeeds (the handle is closed again right away)
-- and false otherwise.
local function file_exists(name)
  local handle = io.open(name, "r")
  if handle == nil then
    return false
  end
  handle:close()
  return true
end
-- ###############################################################
--
-- Creates a tshark class instance
--
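function tshark:open(pcap_file_or_dev, filter)
  -- Builds a tshark command line and starts it with io.popen(), which runs the
  -- string through the system shell. Both arguments become part of that shell
  -- command, so each one is passed as a single-quoted word: a name or filter
  -- containing spaces, quotes, `$`, backticks or `;` reaches tshark verbatim
  -- and is never interpreted by the shell.
  --
  -- pcap_file_or_dev: path of a readable capture file (passed with -r); when
  --                   no such file can be opened it is treated as an interface
  --                   name (passed with -i).
  -- filter:           optional. Passed with "-2 -R" when reading a file and
  --                   with "-f" when capturing from an interface.
  -- Returns the new instance; its `pipe` field holds the io.popen() result.
  --
  -- NOTE(review): the quoting assumes a POSIX shell behind io.popen(). Callers
  -- must pass the filter unescaped; backslash-escaped quotes that were needed
  -- with the old double-quote wrapping would now reach tshark literally.
  -- NOTE(review): `pipe` can presumably be nil if io.popen() fails - confirm
  -- and decide whether open() should report that to the caller.

  -- POSIX single-quote escaping: close the quote, emit an escaped quote,
  -- reopen the quote.
  local function shell_quote(value)
    local escaped = tostring(value):gsub("'", "'\\''")
    return "'" .. escaped .. "'"
  end

  local instance = setmetatable({}, tshark)

  -- `cmd` is a local here; it used to leak into the global environment.
  local cmd = "tshark -n -T ek -l "
  if file_exists(pcap_file_or_dev) then
    cmd = cmd .. "-r " .. shell_quote(pcap_file_or_dev)
    if filter ~= nil then
      cmd = cmd .. " -2 -R " .. shell_quote(filter)
    end
  else
    cmd = cmd .. "-i " .. shell_quote(pcap_file_or_dev)
    if filter ~= nil then
      cmd = cmd .. " -f " .. shell_quote(filter)
    end
  end

  instance.pipe = io.popen(cmd)
  return instance
end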
-- ###############################################################
--
-- Terminates the tshark class
--
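function tshark:close()
  -- Closes the pipe to the tshark process, if one is attached.
  -- The handle is cleared first so that a second close() is a no-op instead of
  -- raising an error on an already closed file.
  local pipe = self.pipe
  if pipe ~= nil then
    self.pipe = nil
    pipe:close()
  end
end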
-- ###############################################################
--
-- Read a single packet
--
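function tshark:read()
  -- Returns the `layers` table of the next packet record, or nil when the
  -- stream has ended or no pipe is attached.
  --
  -- Each line read from the pipe is decoded as JSON. Lines that decode to an
  -- object without a `layers` field are skipped. Lines that do not decode to
  -- a table at all (empty or malformed output) are skipped as well; they used
  -- to abort the caller with an "attempt to index" error.
  --
  -- The loop replaces the former self-recursion, so a long run of skipped
  -- lines no longer grows the call stack.
  local pipe = self.pipe
  if pipe == nil then
    return nil
  end

  while true do
    local line = pipe:read()
    if line == nil then
      return nil
    end

    local decoded = json.decode(line)
    if type(decoded) == "table" and decoded.layers ~= nil then
      return decoded.layers
    end
  end
end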
-- Hand the class table back to require(); the same table is also reachable
-- through the global `tshark`.
return tshark