From fd142f5ccbb90160ad3521b6c5acfb8fcf128aca Mon Sep 17 00:00:00 2001 From: Eduardo Ramos Testillano Date: Sun, 31 Jan 2016 05:00:30 +0100 Subject: [PATCH] Environment variable to be more flexible --- example/diameter/pcapDecoder/tsharkDecoder.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/example/diameter/pcapDecoder/tsharkDecoder.sh b/example/diameter/pcapDecoder/tsharkDecoder.sh index b131fe5..b6c98aa 100755 --- a/example/diameter/pcapDecoder/tsharkDecoder.sh +++ b/example/diameter/pcapDecoder/tsharkDecoder.sh @@ -42,6 +42,7 @@ # VARIABLES # ############# tmpdir=$(mktemp -d) +[ -z "$TSHARK_DECODER_NON_STANDARD_PORTS" ] && TSHARK_DECODER_NON_STANDARD_PORTS="13868" ############# # FUNCTIONS # @@ -60,6 +61,13 @@ usage () { echo " /.hex" echo " /.metadata" echo + echo + echo " TSHARK_DECODER_NON_STANDARD_PORTS: environment variable" + echo " defined as a space-separated list of ports which frames" + echo " will be decoded as diameter protocol. By default, \"13868\"" + echo " is used when the variable has not been exported in shell," + echo " in order to disect the Ericsson Sy variant." + echo _exit } @@ -108,8 +116,10 @@ RESULTS_DIR=`dirname $PCAP_FILE` FIELDS_DIAMETER="-e diameter.cmd.code -e diameter.flags.request -e diameter.applicationId -e diameter.hopbyhopid -e diameter.endtoendid -e diameter.length" FIELDS="-e frame.number -e frame.time_epoch -e ip.src_host -e ip.dst_host $FIELDS_DIAMETER -e tcp.len -e frame.protocols -e tcp.segment" # Disect selectors for non-standard diameter ports: -# 13868 port for Ericsson Sy -DISECT_SELECTORS="-d tcp.port=13868,diameter" +for port in $TSHARK_DECODER_NON_STANDARD_PORTS +do + DISECT_SELECTORS="$DISECT_SELECTORS -d tcp.port=$port,diameter" +done tshark -E separator="|" -r $PCAP_FILE -N mntC -Tfields $FIELDS $DISECT_SELECTORS 2>/dev/null | grep -i diameter > $tmpdir/diameter_frames # Example output: -- 2.20.1