mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-04-28 23:19:42 +00:00
110 lines
2.3 KiB
Lua
Executable file
110 lines
2.3 KiB
Lua
Executable file
#!/usr/bin/env lua
|
|
|
|
--
|
|
-- (C) 2021 - ntop.org
|
|
--
|
|
|
|
package.path = "lib/?.lua;" .. package.path
|
|
|
|
local tshark = require "tshark"
|
|
|
|
-- ======================================
|
|
|
|
function make_key(proto, src, sport, dst, dport)
|
|
if(sport == "") then
|
|
return(proto .. " " .. src .. "-" .. dst)
|
|
else
|
|
return(proto .. " " .. src .. ":" .. sport .. "-" .. dst .. ":" .. dport)
|
|
end
|
|
end
|
|
|
|
-- ======================================
|
|
|
|
|
|
local pcap_file = "../../tests/pcap/tor.pcap"
|
|
|
|
local t = tshark:open(pcap_file, "ip or ipv6")
|
|
|
|
if(t == nil) then
|
|
io.write("Unable to read pcap file "..pcap_file.."\n")
|
|
exit()
|
|
end
|
|
|
|
local flows = {}
|
|
|
|
while(true) do
|
|
local pkt = t:read()
|
|
local flow_key
|
|
local src = ""
|
|
local dst = ""
|
|
local sport = ""
|
|
local dport = ""
|
|
local proto = ""
|
|
|
|
if(pkt == nil) then break end
|
|
|
|
if(pkt.ip ~= nil) then
|
|
-- IPv4
|
|
|
|
src = pkt.ip.ip_ip_src
|
|
dst = pkt.ip.ip_ip_dst
|
|
|
|
if(pkt.ip.ip_ip_proto == "6") then
|
|
sport = pkt.tcp.tcp_tcp_srcport
|
|
dport = pkt.tcp.tcp_tcp_dstport
|
|
proto = "TCP"
|
|
elseif(pkt.ip.ip_ip_proto == "17") then
|
|
sport = pkt.udp.udp_udp_srcport
|
|
dport = pkt.udp.udp_udp_dstport
|
|
proto = "UDP"
|
|
else
|
|
proto = pkt.ip.ip_ip_proto
|
|
end
|
|
|
|
pkt_len = pkt.ip.ip_ip_len
|
|
else
|
|
-- IPv6
|
|
|
|
src = "["..pkt.ipv6.ipv6_ipv6_src.."]"
|
|
dst = "["..pkt.ipv6.ipv6_ipv6_dst.."]"
|
|
|
|
if(pkt.ipv6.ipv6_ipv6_nxt == "6") then
|
|
sport = pkt.tcp.tcp_tcp_srcport
|
|
dport = pkt.tcp.tcp_tcp_dstport
|
|
proto = "TCP"
|
|
elseif(pkt.ipv6.ipv6_ipv6_nxt == "17") then
|
|
sport = pkt.udp.udp_udp_srcport
|
|
dport = pkt.udp.udp_udp_dstport
|
|
proto = "UDP"
|
|
else
|
|
proto = pkt.ipv6.ipv6_ipv6_nxt
|
|
end
|
|
|
|
pkt_len = pkt.ipv6.ipv6_ipv6_plen
|
|
end
|
|
|
|
io.write(".")
|
|
io.flush()
|
|
|
|
flow_key = make_key(proto, src, sport, dst, dport)
|
|
|
|
if(flows[flow_key] == nil) then
|
|
local rev_key = make_key(proto, dst, dport, src, sport, dst)
|
|
|
|
if(flows[rev_key] ~= nil) then
|
|
flows[rev_key].rcvd = flows[rev_key].rcvd + pkt_len
|
|
else
|
|
flows[flow_key] = { sent = pkt_len, rcvd = 0 }
|
|
end
|
|
else
|
|
flows[flow_key].sent = flows[flow_key].sent + pkt_len
|
|
end
|
|
end
|
|
|
|
t:close()
|
|
|
|
io.write("\nFlows:\n")
|
|
|
|
for k, v in pairs(flows) do
|
|
io.write(k.."\t[sent: " .. v.sent .. "][rcvd: " .. v.rcvd .. "]\n")
|
|
end
|