Last active
October 2, 2019 12:13
-
-
Save danilomo/357f2eba7adde0a37baf605f98755e1d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- usage: tshark -r something.pcapng -q -X lua_script:tap.lua | |
| local teid = Field.new("gtp.teid") | |
| local teid_cp = Field.new("gtp.teid_cp") | |
| local gtp_msg = Field.new("gtp.message") | |
| local user_ipv4 = Field.new("gtp.user_ipv4") | |
| local rat_type = Field.new("gtp.ext_rat_type") | |
| local time = Field.new("frame.time_epoch") | |
| local frame_number = Field.new("frame.number") | |
| local filter = 'gtp.message == 0x10 or gtp.message == 0x14 or gtp.message == 0x15 or gtp.message == 0x11 or gtp.message == 0x13 or gtp.message == 0x12' | |
| -- .. ' or ' | |
| -- .. '(gtp.message == 0x11 and (gtp.user_ipv4 == XX.XX.XX.XX/22 or gtp.user_ipv4 == XX.XX.XX.XX/22 ... ) | |
| local pdp_sessions = {} | |
| local tcap = Listener.new(nil, filter) | |
| function pdp_session_filter(teid, teid_cp) | |
| return string.format( | |
| "(gtp.teid_cp == 0x%x or gtp.teid == 0x%x) || (gtp.teid == 0x%x)", | |
| teid, teid, teid_cp | |
| ) | |
| end | |
| function tcap.packet(pinfo,tvb,data) | |
| local teidf = teid().value | |
| local teid_cpf = teid_cp() and teid_cp().value or "0" | |
| local gtp_msgf = tonumber(gtp_msg().value) | |
| local timef = tostring(time()) | |
| timef = tonumber(string.sub(timef, 1,10)) + tonumber(string.sub(timef, 12,16)) / 10000.0 -- Lua's tonumber was not working with the whole string | |
| user_ipv4f = (user_ipv4() and tostring(user_ipv4().value)) or "<>" | |
| local framenf = tostring(frame_number()) | |
| local rat_typef = rat_type() and tonumber(rat_type().value) or -999 | |
| if gtp_msgf == 16 then | |
| pdp_sessions[teid_cpf] = { init_time = timef, framen_1 = framenf, rat_type = rat_typef } | |
| elseif gtp_msgf == 17 then | |
| if pdp_sessions[teidf] ~= nil then | |
| pdp_sessions[teidf].teid = teid_cpf | |
| pdp_sessions[teidf].user_ipv4f = user_ipv4f | |
| end | |
| elseif gtp_msgf == 21 then | |
| if pdp_sessions[teidf] ~= nil and pdp_sessions[teidf].teid then | |
| delta = timef - pdp_sessions[teidf].init_time | |
| print( | |
| string.format( | |
| "0x%x, 0x%x, %.2f, %s, %s, %s, %s, %s", | |
| teidf, pdp_sessions[teidf].teid, delta, pdp_sessions[teidf].user_ipv4f, pdp_sessions[teidf].framen_1, framenf, | |
| pdp_session_filter(teidf, pdp_sessions[teidf].teid), pdp_sessions[teidf].rat_type | |
| ) | |
| ) | |
| end | |
| pdp_sessions[teidf] = nil | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment