# Decoder version using tshark tool
#
-# RESTRICTIONS: only TCP datagrams. Allow split diameter messages between frames, but not, several messages into single datagram.
+# RESTRICTIONS: TCP & SCTP datagrams. Allow split diameter messages between frames, but not, several messages into single datagram.
+# If sniffing fails, try to create the <frame>.hex and <frame>.metadata files manually (try 'tshark -nr input.pcap -Vx' and so on ...)
#############
# VARIABLES #
DISECT_SELECTORS="$DISECT_SELECTORS -d tcp.port=$port,diameter"
done
-$TSHARK -E separator="|" -r $PCAP_FILE -N mntC -Tfields $FIELDS $DISECT_SELECTORS 2>/dev/null > $tmpdir/all_frames
+# Changes in project wireshark (see commits e005bc819c2 and 8dfaa8fa7c9): https://github.com/wireshark/wireshark.git
+# Change name resolution resolving flags: 'C' is deprecated. Change '-N mntC' by '-N mntdv':
+$TSHARK -E separator="|" -r $PCAP_FILE -N mntdv -Tfields $FIELDS $DISECT_SELECTORS 2>/dev/null > $tmpdir/all_frames
grep -i diameter $tmpdir/all_frames > $tmpdir/diameter_frames
#cat $tmpdir/all_frames
group_array=( $(echo $group | sed 's/,/ /g') )
echo "Grouping frames ${group_array[*]} ..."
for frame in ${group_array[@]}; do
- cat $RESULTS_DIR/$frame.hex >> $tmpdir/diam.$group
+ cat $RESULTS_DIR/$frame.hex >> $tmpdir/diam.$group 2>/dev/null
done
cat $tmpdir/diam.$group | tr -d '\n' > $RESULTS_DIR/$frame.hex
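Review bot: Redirecting stderr to /dev/null on the `cat` at the line that appends `$RESULTS_DIR/$frame.hex` hides a missing segment, so a group with an absent `.hex` file is still concatenated and written out two lines later as a complete message, and the truncated reassembly reaches the decoder with no diagnostic. A cheap guard keeps the best-effort behaviour while recording the gap: `[ -r "$RESULTS_DIR/$frame.hex" ] || { echo "Warning: missing segment $frame in group $group" >&2; continue; }` placed before the `cat`. The loop also iterates `${group_array[@]}` unquoted, which is consistent with the rest of the file but worth noting since `$frame` is reused after the loop. The enclosing loop over groups appears to start before this hunk.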
# Delete all frames except last one in the group:
#segments=( $(cat $tmpdir/diameter_frames | awk -F\| '{ if ($16 == "") print $1 }') )
segments=( $(echo $to_delete) )
echo "Deleting superfluous buffers & metadata (${segments[*]}) ..."
-for s in ${segments[@]}; do rm $RESULTS_DIR/${s}.* ; done
+for s in ${segments[@]}; do rm -f $RESULTS_DIR/${s}.* ; done
+
+# Basic checking:
+ls $RESULTS_DIR/*.metadata >/dev/null 2>/dev/null
+[ $? -ne 0 ] && { echo "No metadata generated !" ; exit 1 ; }
# Detecting Session-Id values:
grep ^sessionid= $RESULTS_DIR/*.metadata 2>/dev/null | cut -d= -f2- | sort -u > $RESULTS_DIR/session-ids
rm $RESULTS_DIR/.wanted $RESULTS_DIR/.all
fi
+# Purge frames with invalid metadata:
+invalid=( $(grep -lw "^code=$" $RESULTS_DIR/*metadata) )
+for file in ${invalid[@]}
+do
+ frm=$(basename $file | cut -d\. -f1)
+ rm $RESULTS_DIR/${frm}.*
+done
+
_exit "Done!" 0
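Review bot: The purge loop's `rm $RESULTS_DIR/${frm}.*` has no `-f` (unlike the `rm -f` the same commit introduces for `segments`) and no guard against an empty `frm`, in which case the glob becomes `$RESULTS_DIR/.*` and matches the dot-files the script keeps in that directory (`.wanted` and `.all` are visible a few lines earlier); `rm -f -- "$RESULTS_DIR/${frm:?}".*` closes both. The `grep -lw "^code=$" $RESULTS_DIR/*metadata` pattern uses `*metadata` while the checks above use `*.metadata`, so it also picks up any file merely ending in "metadata"; aligning the glob avoids surprises. If the lines are in file order, the purge runs after `session-ids` was derived from `*.metadata`, so sessions present only in frames with an empty `code=` still end up listed — consider moving the purge ahead of the Session-Id detection, though lines may be missing between the hunks. Finally `-w` is redundant with a fully anchored `^code=$` pattern and could be dropped.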