X-Git-Url: https://git.teslayout.com/public/public/public/?a=blobdiff_plain;ds=sidebyside;f=example%2Fdiameter%2FpcapDecoder%2FtsharkDecoder.sh;h=0f6c640a3095ab92eb38d6cc6869894c3c161973;hb=c56124ff93e8bceec159748dfe5ba8d56c62e3de;hp=93b29d42e1b160f2a7276628d277edec9685a72b;hpb=eb49b785a7e32e6259c7689f3861beed9b5a1a85;p=anna.git
diff --git a/example/diameter/pcapDecoder/tsharkDecoder.sh b/example/diameter/pcapDecoder/tsharkDecoder.sh
index 93b29d4..0f6c640 100755
--- a/example/diameter/pcapDecoder/tsharkDecoder.sh
+++ b/example/diameter/pcapDecoder/tsharkDecoder.sh
@@ -38,7 +38,8 @@
# Decoder version using tshark tool
#
-# RESTRICTIONS: only TCP datagrams. Allow split diameter messages between frames, but not, several messages into single datagram.
+# RESTRICTIONS: TCP & SCTP datagrams. Allow split diameter messages between frames, but not, several messages into single datagram.
+# If sniffing fails, try to create the .hex and .metadata files manually (try 'tshark -nr input.pcap -Vx' and so on ...)
#############
# VARIABLES #
@@ -165,7 +166,9 @@ do
DISECT_SELECTORS="$DISECT_SELECTORS -d tcp.port=$port,diameter"
done
-$TSHARK -E separator="|" -r $PCAP_FILE -N mntC -Tfields $FIELDS $DISECT_SELECTORS 2>/dev/null > $tmpdir/all_frames
+# Changes in project wireshark (see commits e005bc819c2 and 8dfaa8fa7c9): https://github.com/wireshark/wireshark.git
+# Change name resolution resolving flags: 'C' is deprecated. Change '-N mntC' by '-N mntdv':
+$TSHARK -E separator="|" -r $PCAP_FILE -N mntdv -Tfields $FIELDS $DISECT_SELECTORS 2>/dev/null > $tmpdir/all_frames
grep -i diameter $tmpdir/all_frames > $tmpdir/diameter_frames
#cat $tmpdir/all_frames
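Review bot: The rewritten tshark call still sends stderr to `/dev/null` and never tests the exit status, so a tshark build that rejects one of the `-N` letters (presumably what happened with `C`) leaves an empty `all_frames` and no diagnostic. I would drop the `2>/dev/null`, quote the paths (`-r "$PCAP_FILE"`, `> "$tmpdir/all_frames"`) and end the line with `|| _exit "tshark failed on $PCAP_FILE" 1`, assuming `_exit` takes a message and a status as its use at the end of the script suggests. Note also that `d` resolves names from DNS answers carried inside the capture, so any resolved-name field in `all_frames` is capture-controlled. If `$FIELDS` (defined outside this hunk) includes address fields, confirm that the later `|`-separated parsing tolerates arbitrary names.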
@@ -307,7 +310,7 @@ do
group_array=( $(echo $group | sed 's/,/ /g') )
echo "Grouping frames ${group_array[*]} ..."
for frame in ${group_array[@]}; do
- cat $RESULTS_DIR/$frame.hex >> $tmpdir/diam.$group
+ cat $RESULTS_DIR/$frame.hex >> $tmpdir/diam.$group 2>/dev/null
done
cat $tmpdir/diam.$group | tr -d '\n' > $RESULTS_DIR/$frame.hex
# Delete all frames except last one in the group:
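Review bot: The `2>/dev/null` added to the `cat ... >> $tmpdir/diam.$group` line hides a missing `$frame.hex`, so a group with an absent segment is still concatenated and written back to `$RESULTS_DIR/$frame.hex` as a silently truncated Diameter message. Note that the redirection sits after `>>`, so it applies to `cat` itself and does suppress the "No such file" error. I would test for the file and report the gap, e.g. `[ -f "$RESULTS_DIR/$frame.hex" ] || { echo "Missing $frame.hex in group $group" >&2; continue; }` before the `cat`. The enclosing loop starts outside this hunk, so whether an incomplete group should be skipped entirely has to be decided there.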
@@ -318,7 +321,11 @@ done
#segments=( $(cat $tmpdir/diameter_frames | awk -F\| '{ if ($16 == "") print $1 }') )
segments=( $(echo $to_delete) )
echo "Deleting superfluous buffers & metadata (${segments[*]}) ..."
-for s in ${segments[@]}; do rm $RESULTS_DIR/${s}.* ; done
+for s in ${segments[@]}; do rm -f $RESULTS_DIR/${s}.* ; done
+
+# Basic checking:
+ls $RESULTS_DIR/*.metadata >/dev/null 2>/dev/null
+[ $? -ne 0 ] && { echo "No metadata generated !" ; exit 1 ; }
# Detecting Session-Id values:
grep ^sessionid= $RESULTS_DIR/*.metadata 2>/dev/null | cut -d= -f2- | sort -u > $RESULTS_DIR/session-ids
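Review bot: The `rm -f $RESULTS_DIR/${s}.*` line expands an unquoted glob built from values derived from the capture (`$to_delete`), and `-f` now hides any failure. If `RESULTS_DIR` is empty or contains spaces, the pattern resolves somewhere other than the results directory. I would write `for s in "${segments[@]}"; do rm -f -- "${RESULTS_DIR:?}/${s}".* ; done`, and the same applies to the `rm $RESULTS_DIR/${frm}.*` added in the last hunk. The new check can be one line without `$?`: `ls "$RESULTS_DIR"/*.metadata >/dev/null 2>&1 || { echo "No metadata generated !" >&2 ; exit 1 ; }`. It also calls `exit 1` directly while the script ends through `_exit`; if `_exit` cleans up `$tmpdir` (its definition is not visible here), this path skips that cleanup.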
@@ -353,5 +360,13 @@ then
rm $RESULTS_DIR/.wanted $RESULTS_DIR/.all
fi
+# Purge frames with invalid metadata:
+invalid=( $(grep -lw "^code=$" $RESULTS_DIR/*metadata) )
+for file in ${invalid[@]}
+do
+ frm=$(basename $file | cut -d\. -f1)
+ rm $RESULTS_DIR/${frm}.*
+done
+
_exit "Done!" 0
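Review bot: The purge of frames with an empty `code=` runs after the "Basic checking" and the `session-ids` extraction added in the previous hunk. The script can therefore finish with `_exit "Done!" 0` when every metadata file was purged, and `session-ids` may still list sessions that only appeared in purged frames (the code between the two hunks is not visible, so this is hedged). Moving this block above the `# Basic checking:` lines would let that check cover the all-invalid case. The `-w` flag adds nothing to the anchored pattern `^code=$`. If no `*metadata` file exists, grep receives the literal pattern and prints an error, so `grep -l '^code=$' "$RESULTS_DIR"/*metadata 2>/dev/null` would be quieter.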