gmarler

udprecv-info.lua

Sep 11th, 2013
  1. do
  2.     -- For each dest port we see a packet destined for, store the private "sequence #"
  3.     -- we extracted from the UDP packet, so we can deduce which sequence number should
  4.     -- be next
  5.     local port_seq = {}
  6.    
  7.     -- create the dissector
  8.     local udprecv = Proto("udprecv", "Dissector for our UDPrecv Receive Tester")
  9.    
  10.     -- Put one time initialization code here
  11.     function udprecv.init()
  12.     end
  13.    
  14.     -- field definitions for our protocol that tell wireshark
  15.     -- how to parse and display the useful chunks of data
  16.     local f = udprecv.fields
  17.     f.seq = ProtoField.uint64("udprecv.seq", "seq")
  18.    
  19.     -- The dissector function is called for each captured packet for protocol
  20.     -- that we subscribed
  21.     function udprecv.dissector(buffer, pinfo, tree)
  22.        
  23.         -- Adding fields to the tree
  24.         local subtree = tree:add(udprecv, buffer())
  25.         -- find the chunk of buffer that holds our private "seq #", which starts at 8 bytes
  26.         -- from the beginning of the packet, and is 8 bytes long
  27.         local seq = buffer(8, 8)
  28.        
  29.         if not pinfo.visited then
  30.             local port_str = tostring(pinfo.dst_port)
  31.             if not port_seq[port_str] then
  32.                 -- we've never seen this port before, so add it to port_seq, initializing
  33.                 -- to our private "sequence number" that we've extracted from the packet
  34.                 port_seq[port_str] = seq
  35.             else
  36.                 -- we've seen traffic to this port before, so take the last "sequence number"
  37.                 -- we saw, increment by one, and compare it with the sequence # we just
  38.                 -- extracted from the packet
  39.                 warn(port_seq[port_str])
  40.                 local expected = port_seq[port_str] + 1;
  41.                
  42.                 if seq ~= expected then
  43.                     warn("not sequential")
  44.                     -- pinfo.cols.info = "SEQ: "..seq.." is Invalid!"
  45.                 else
  46.                     info("it was equal")
  47.                 end
  48.                 -- Regardless of what we found, set the current sequence number received
  49.                 -- for this UDP port
  50.                 port_seq[port_str] = { seq }
  51.             end
  52.         end
  53.         subtree:add(f.seq, seq)
  54.     end
  55.  
  56.     -- subscribe for UDP packets on ports 30300-30303
  57.     local udp_table = DissectorTable.get("udp.port")
  58.     for i,port in ipairs{30300,30301,30302,30303} do
  59.       udp_table:add(port,udprecv);
  60.     end
  61. end