# VARIABLES #
#############
tmpdir=$(mktemp -d)
-[ -z "$TSHARK_DECODER_NON_STANDARD_PORTS" ] && TSHARK_DECODER_NON_STANDARD_PORTS="13868"
#############
# FUNCTIONS #
#############
-usage () {
- echo "Usage: $0 <pcap_file> [results_dir]"
+usage() {
echo
- echo " pcap_file: pcap formatted file to be processed."
- echo " results_dir: directory where results are stored."
- echo " By default, pcap file dirname is used."
+ echo "Usage: $0 [-h|--help] [-o|--other-ports] [-d|--results-dir] <pcap>"
+ echo
+ echo " -h|--help: this usage help."
+ echo " -o|--other-ports: space-separated list of ports which frames"
+ echo " will be decoded as diameter protocol although"
+ echo " not being standard. For example, we could use"
+ echo " \"13868\" to disect the Ericsson Sy variant."
+ echo " -d|--results-dir: directory where results are stored."
+ echo " By default, pcap dirname."
+ echo
+ echo " pcap: pcap formatted file to be processed."
echo
echo " The utility, dumps the extracted hexadecimal content"
echo " and useful information as timestamps, source and"
echo " destination:"
- echo " <results_dir>/<frame sequence>.hex"
- echo " <results_dir>/<frame sequence>.metadata"
- echo
- echo
- echo " TSHARK_DECODER_NON_STANDARD_PORTS: environment variable"
- echo " defined as a space-separated list of ports which frames"
- echo " will be decoded as diameter protocol. By default, \"13868\""
- echo " is used when the variable has not been exported in shell,"
- echo " in order to disect the Ericsson Sy variant."
+ echo " <results directory>/<frame sequence>.hex"
+ echo " <results directory>/<frame sequence>.metadata"
echo
_exit
}
+parse_arguments() {
+ OTHER_PORTS=
+ RESULTS_DIR=
+ PCAP_FILE=
+
+ while [ $# -gt 0 ]; do
+ case $1 in
+ -h|--help)
+ usage
+ ;;
+
+ -o|--other-ports)
+ OTHER_PORTS="$2"
+ [ -z "$OTHER_PORTS" ] && _exit "Missing non-standard ports list"
+ shift
+ ;;
+
+ -d|--results-dir)
+ RESULTS_DIR=$2
+ shift
+ ;;
+
+ *)
+ first=$(echo $1 | cut -c1)
+ [ "$first" = "-" ] && _exit "Unsupported script option: $1. Type '$SCR_BN -h' (or --help) to print the available options."
+ PCAP_FILE=$1
+ ;;
+ esac
+ shift
+ done
+
+ [ -z "$PCAP_FILE" ] && _exit "Missing pcap file"
+ [ ! -f "$PCAP_FILE" ] && _exit "Cannot found provided pcap file '$PCAP_FILE' !!"
+ [ -z "$RESULTS_DIR" ] && RESULTS_DIR=`dirname $PCAP_FILE`
+ [ ! -d $RESULTS_DIR ] && _exit "The results directory '$RESULTS_DIR' must exists !!"
+}
+
_exit () {
echo
echo -e $1
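Review bot: The path checks at the end of `parse_arguments` fail open when a path contains whitespace. In `[ ! -d $RESULTS_DIR ]` the unquoted expansion splits into several words, `[` exits with an error status instead of evaluating the test, and the `&& _exit` branch never runs, so the script continues with an unvalidated directory. Quoting closes this: `[ -z "$RESULTS_DIR" ] && RESULTS_DIR=$(dirname -- "$PCAP_FILE")` followed by `[ ! -d "$RESULTS_DIR" ] && _exit "The results directory '$RESULTS_DIR' must exists !!"`. The same word-splitting applies to `first=$(echo $1 | cut -c1)`, which a `case "$1" in -*)` arm would replace without a subshell. Unlike `-o`, the `-d|--results-dir` arm also accepts a missing value silently; a matching `[ -z "$RESULTS_DIR" ] && _exit "Missing results directory"` would make the two options consistent.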
echo "============================================"
echo
-# Usage:
-[ "$1" = "" ] && usage
-
-# Pcap file:
-PCAP_FILE=$1
-[ ! -f $PCAP_FILE ] && _exit "Cannot found provided pcap file '$1' !!"
+# Arguments:
+[ "$1" = "" -o "$1" = "--help" -o "$1" = "-h" ] && usage
+parse_arguments "$@"
# Tshark available:
which tshark >/dev/null
[ $? -ne 0 ] && _exit "Missing 'tshark' tool !!"
-# Optional result dir:
-RESULTS_DIR=`dirname $PCAP_FILE`
-[ "$2" != "" ] && RESULTS_DIR=$2
-[ ! -d $RESULTS_DIR ] && _exit "The results directory '$RESULTS_DIR' must exists !!"
-
# Get the frames with diameter content (take care about '-2' two-pass option and don't add it, because we need to get reassembled parts in their corresponding frames):
# Fields needed (we won't need diameter.hopbyhopid & diameter.endtoendid to verify diameter message as hint patterns; length management will be enough):
FIELDS_DIAMETER="-e diameter.cmd.code -e diameter.flags.request -e diameter.applicationId -e diameter.hopbyhopid -e diameter.endtoendid -e diameter.length"
FIELDS="-e frame.number -e frame.time_epoch -e ip.src_host -e ip.dst_host $FIELDS_DIAMETER -e tcp.len -e frame.protocols -e tcp.segment"
# Disect selectors for non-standard diameter ports:
-for port in $TSHARK_DECODER_NON_STANDARD_PORTS
+for port in $OTHER_PORTS
do
+ echo "Taking tcp port $port to be decoded as diameter protocol"
DISECT_SELECTORS="$DISECT_SELECTORS -d tcp.port=$port,diameter"
done
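Review bot: Each word of `$OTHER_PORTS` is spliced into a tshark `-d tcp.port=...,diameter` option with no check that it is a port number, and the unquoted `for port in $OTHER_PORTS` also exposes the value to pathname expansion. A guard at the top of the loop body, for example `case $port in ''|*[!0-9]*) _exit "Invalid port '$port'" ;; esac`, would reject non-numeric input before it reaches the tshark command line; the tshark invocation itself is outside this hunk. Separately, with the default assignment removed earlier in this patch, `TSHARK_DECODER_NON_STANDARD_PORTS` and the implicit 13868 no longer appear to be honoured. If that is intended, a sentence in the usage text would help callers who relied on the environment variable.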